Original viewed when not allowed


W.W. Webster
Feb-23-2006, 03:32 PM
I have been surprised to find that a visitor to my site has apparently been able to view a photo on my site in 'original' size (but, hopefully, not copy it) when the relevant gallery customisation parameter that would enable this ('can people view your original, full size photos?') is set to 'no'.

An extract of the StatCounter log which revealed this problem follows. When I click on the reported URL, it brings up the image in 'large' size, but enables me to select 'original' which then appears to become the new default. Can anyone explain what is going on here?

http://rosscollins.smugmug.com/photos/57444229-L.jpg

cyoung
Feb-23-2006, 03:48 PM
Hi Ross, I looked at your gallery and went thru Large to access the original, but is your original resolution 800X566? The original size seems to be the same resolution as a large photo, but I'm no expert, just curious myself :dunno. I'll let the smughouse pros chime in...

I have been surprised to find that a visitor to my site has apparently been able to view a photo on my site in 'original' size (but, hopefully, not copy it) when the relevant gallery customisation parameter that would enable this ('can people view your original, full size photos?') is set to 'no'.

An extract of the StatCounter log which revealed this problem follows. When I click on the reported URL, it brings up the image in 'large' size, but enables me to select 'original' which then appears to become the new default. Can anyone explain what is going on here?

http://rosscollins.smugmug.com/photos/57444229-L.jpg

bwg
Feb-23-2006, 03:52 PM
Hi Ross, I looked at your gallery and went thru Large to access the original, but is your original resolution 800X566? The original size seems to be the same resolution as a large photo, but I'm no expert, just curious myself :dunno. I'll let the smughouse pros chime in...

i'm pretty sure this is the designed behavior. instead of showing a 404 or something like that, it shows the maximum allowed size, be that large or medium (if larges are disabled).

rainforest1155
Feb-23-2006, 04:12 PM
I have been surprised to find that a visitor to my site has apparently been able to view a photo on my site in 'original' size (but, hopefully, not copy it) when the relevant gallery customisation parameter that would enable this ('can people view your original, full size photos?') is set to 'no'.
Under normal circumstances you don't get the original by adding /Original to the url. So don't worry - the person just got your large picture even though he somehow accessed the original-link.

But through this I actually found a way of accessing the Originals by mistake! I'm gonna send this straight to smugmug and won't describe the bug here further.

Sebastian

Retagger
Feb-23-2006, 04:19 PM
Under normal circumstances you don't get the original by adding /Original to the url. So don't worry - the person just got your large picture even though he somehow accessed the original-link.

But through this I actually found a way of accessing the Originals by mistake! I'm gonna send this straight to smugmug and won't describe the bug here further.

Sebastian

Hello Sebastian,

Please let us know if this problem has been corrected by Smugmug. If you found a "Backdoor" to access the original photos, that is a SERIOUS problem that must be corrected ASAP.

Thanks,

David....

rainforest1155
Feb-23-2006, 04:29 PM
Please let us know if this problem has been corrected by Smugmug. If you found a "Backdoor" to access the original photos, that is a SERIOUS problem that must be corrected ASAP.

David,
word about it is out to smugmug. I'm sure they'll take care of it ASAP! :thumb

Stay tuned,
Sebastian

dogwood
Feb-23-2006, 04:53 PM
I had a make-up artist tell me she could open up and download my originals, even though everything was set so that wouldn't happen. I don't know how she did it though. Now, I post my galleries small (450 pixels tall) with a copyright notice on them. Then in the description, I put a link that says something like "to order prints, click here".

And that goes to a gallery all stamped with the "proof" and only enabled to view large (not original). As of yet, the photos people are stealing are the small copyright ones (I see them on myspace.com profiles). But they avoid the "proof" ones. Anyway, I try to put the copyright notice in a place that makes it tougher than a quick crop to remove.

It's a brutal on-line world for us photographers who actually want to sell anything!

bwg
Feb-23-2006, 04:54 PM
I have Andy Williams originals for sale. Buy one get 1 free!

W.W. Webster
Feb-23-2006, 04:58 PM
Thanks for taking the trouble to provide your feedback and comments, everyone.

Ben
Feb-23-2006, 05:15 PM
yeah... to reiterate what others have said, the /Original url will only show the largest possible size. No reason to alert people they aren't getting the actual Original... that just encourages them to try and be devious. :)

So you can get traffic on the /Original, but it won't actually give them the original. We have seen people claiming to have downloaded Original images too, and whenever we ask to see an example, it is always a large or medium. They just don't realize that they don't have the "high res original" because they have a pretty big sized picture (to them). To a non-photographer, those big Larges (and even Mediums to people on small monitors) look very high res and "original".

Retagger
Feb-23-2006, 06:10 PM
If there is a back door open on Smugmug to obtain the original files, as Sebastian has said, this must be a top priority for them. Let us know something.

David...

Andy
Feb-23-2006, 06:26 PM
If there is a back door open on Smugmug to obtain the original files, as Sebastian has said, this must be a top priority for them. Let us know something.

David...
Retagger,

There are no back doors. Please look at JT's post above and these two links here:

http://www.moonriverphotography.com/gallery/1022944/1/47425794/Large
http://www.moonriverphotography.com/gallery/1022944/1/47425794/Original

Same photo. Same size. If you have Originals blocked, and someone goes to a /Original url, they will be served up the /Large size. If you have Larges blocked, they'll be served up the /Medium size.

I hope this clears up the confusion for you. If you have any questions, holler back.

All the best,

Retagger
Feb-23-2006, 06:34 PM
Hello Andy,

I understand what you have written above. I am referring to the comments by Sebastian claiming that while investigating whether the original and the large files were in fact the same, he claims that he found another way to obtain the original file. Is there any merit to his claim?

David...

Andy
Feb-23-2006, 07:43 PM
Is there any merit to his claim?

David...

Nope. If you have Originals blocked in your galleries, visitors can't get to them.

rainforest1155
Feb-24-2006, 02:40 AM
If there is a back door open on Smugmug to obtain the original files, as Sebastian has said, this must be a top priority for them. Let us know something.
David,
I just got out of bed and checked on this. The issue I reported before is fixed. No need to worry anymore.

Sebastian

rainforest1155
Feb-24-2006, 02:42 AM
I have Andy Williams originals for sale. Buy one get 1 free!
I don't see anything funny in this. :rolleyes

Sebastian

bwg
Feb-24-2006, 02:47 AM
I don't see anything funny in this. :rolleyes

Sebastian

:dunno

devbobo
Feb-24-2006, 03:04 AM
I don't see anything funny in this. :rolleyes

Sebastian

Sebastian,

yes it is a serious issue that was well picked up :thumb

but it's the kinda thing that you have gotta see the funny side of, that was Lee's intention.

Cheers,

David

bwg
Feb-24-2006, 03:37 AM
I don't see anything funny in this. :rolleyes

Sebastian

http://bigwebguy.smugmug.com/photos/57502266-L.gif

rainforest1155
Feb-24-2006, 03:54 AM
but it's the kinda thing that you have gotta see the funny side of, that was Lee's intention.
Yeah, but I'm not exactly sure if he jokes or not. He probably is, but it's just he asked me if I wanted a second opinion on the bug and even so I was 100% sure I sent it to him. What I got back was 'holy shit' and 'I'm gonna download me some andy williams originals'. Even though it was probably meant in a funny way, I felt bad about sending it to him and couldn't laugh at all about his joke. Probably because a smiley was missing.

So now this is off my chest. I don't mind posting this in public as he somewhat repeated his joke over here.

Sebastian

bwg
Feb-24-2006, 04:07 AM
Yeah, but I'm not exactly sure if he jokes or not. He probably is, but it's just he asked me if I wanted a second opinion on the bug and even so I was 100% sure I sent it to him. What I got back was 'holy shit' and 'I'm gonna download me some andy williams originals'. Even though it was probably meant in a funny way, I felt bad about sending it to him and couldn't laugh at all about his joke. Probably because a smiley was missing.

So now this is off my chest. I don't mind posting this in public as he somewhat repeated his joke over here.

Sebastian
I also said "well done"

Also recognize that I'm a mod and it should be understood that i'm not going to exploit any knowledge that i may gain as being one.

It was meant more as a joke for Andy so it was a mistake on my part to even say it.

rainforest1155
Feb-24-2006, 04:26 AM
I also said "well done"

Also recognize that I'm a mod and it should be understood that i'm not going to exploit any knowledge that i may gain as being one.

It was meant more as a joke for Andy so it was a mistake on my part to even say it.
Yeah, you did and I know you're a mod, that's why I sent it to you in the first place. It's nothing personal against you, it's just that I'm a bit odd in these kind of situations and tend to misinterpret stuff easily. Also it adds up that I've trouble detecting sarcasm and irony - thus reading too much stuff literally, especially when it's in written form.

Actually I'm glad you posted it here too - helps to clear everything up for me.

Sebastian

DodgeV83
Feb-24-2006, 04:57 AM
So he really WAS able to get originals??? What the hell man!?

Maybe he shouldn't post how it was done, in case a similar bug exists...but still! WHAT THE HELL MAN!?

It was probably lightbox related...

bwg
Feb-24-2006, 05:17 AM
So he really WAS able to get originals??? What the hell man!?

Maybe he shouldn't post how it was done, in case a similar bug exists...but still! WHAT THE HELL MAN!?

It was probably lightbox related...

the bug won't be posted, at least by any of us here.

and it wasn't lightbox related, so put your torch out.

devbobo
Feb-24-2006, 05:35 AM
It was probably lightbox related...

:lol3:lol3

devbobo
Feb-24-2006, 05:39 AM
Yeah, but I'm not exactly sure if he jokes or not. He probably is, but it's just he asked me if I wanted a second opinion on the bug and even so I was 100% sure I sent it to him. What I got back was 'holy shit' and 'I'm gonna download me some andy williams originals'. Even though it was probably meant in a funny way, I felt bad about sending it to him and couldn't laugh at all about his joke. Probably because a smiley was missing.

So now this is off my chest. I don't mind posting this in public as he somewhat repeated his joke over here.

Sebastian
Hey Sebastian,

Unfortunately, it's sometimes difficult to read the undertones of a post (unless they use smilies :wink).

But I can, somewhat reluctantly, confirm that BWG does in fact have a wicked sense of humour :lol3:lol3

Dave

DodgeV83
Feb-24-2006, 06:17 AM
:lol3:lol3

hehe, actually I was hoping it WAS lightbox related! At least that way our Originals would only recently have been vulnerable.

Is there any way I can see if anyone was using that bug on my site?

rainforest1155
Feb-24-2006, 10:18 AM
hehe, actually I was hoping it WAS lightbox related! At least that way our Originals would only recently have been vulnerable.

Is there any way I can see if anyone was using that bug on my site?
See the release notes (http://blogs.smugmug.com/release-notes/2006/02/23/new-features-fixes-february-23-2006/). I stumbled on the bug by accident and it is fixed now.
What Webster (thread starter) noticed was someone clicking on an Original link that just led to the Large picture again, because Originals were disabled in the gallery.

Sebastian

DodgeV83
Feb-24-2006, 10:56 AM
See the release notes (http://blogs.smugmug.com/release-notes/2006/02/23/new-features-fixes-february-23-2006/). I stumbled on the bug by accident and it is fixed now.
What Webster (thread starter) noticed was someone clicking on an Original link that just led to the Large picture again, because Originals were disabled in the gallery.

Sebastian

You guys should hire Sebastian to find more bugs ;)

Seriously though, I really hope nobody has used this! If Sebastian could stumble upon it by mistake, I'm sure someone looking for it could've found it! Let's hope their statement is accurate "As far as we can tell, no-one ever used it"

Retagger
Feb-24-2006, 03:25 PM
David,
I just got out of bed and checked on this. The issue I reported before is fixed. No need to worry anymore.

Sebastian
Sebastian, you are the man! Thank you. :clap

I was originally told that there was no backdoor and as long as the "Originals" were off, that I was safe. But this proved them wrong. If Microsoft can get hacked, so can this site. I am glad that the techs fixed the problem so quickly though.

David...