).
It is very serious and I need to fix this before there is content theft.
MORE INFO:
I recently updated to 1.7
Team
Hi Ross
I type "privacy" and find some results but:
• http://www.oxwall.org/forum/topic/22343 (this one talks about newsfeed plugin and it's not ended or solved)
• http://www.oxwall.org/forum/topic/20850 (this one talks about traduction in a text key, only this)
• http://www.oxwall.org/forum/topic/17546 (in this topic, Kostia talks about other plugin, the 'questions plugin' but it isn't the same)
• http://www.oxwall.org/forum/topic/18235 ;
------this one it's the most similar problem like mine… and I say any things about…:
An user called Wilson say: "…go to your oxwall /admin/permissions area of your site. You should be at “Global Privacy” area, looking below at “Guests can view the site” check the “NO” box and press “save”. Now no one can see your site unless they have registered."
… and, for sure, I do that and i selected: "Unregistered users can't see photos"; any guest people are unchecked in all pluggins, but, if they have any photo url direction, they can.
In global permissions:
And in role permisions (photos):
I see any special difference, when I type a url to see any photo (http:///..._1_530815c819de5.jpg); the server don't make any db query and don't need to check if guest is registerred or not, only show the result. It's not the same like if I try to search an result about one registered user like www.mydomain.com/user/pit
Now I say one thing more…… The user who upload this pic, put in their own privacy terms that only show photos with friends (only friends registered in the system) but all people who can read this, can see the photo only clicking here: http://www.bdsmhispano.com/...838cfb8292.jpg. ;
Ok, the photo names are complicated (photo_1_530815c819de5.jpg) because use a random names but if any registered user report 1 by 1, all photo names and post the links in another site (like i do here), the photos are exposed without any security... and... wait!!! if they want, can do hotlinking too O_o
Make sure, Ross, that I search in the forum any solution to this bug, searching by "privacy" and searching by "photos" but i don't find a exact problem solution. Maybe the thread solution is written in another language, I do not say no, but I could not find it. If you know where talks about this exact problem, I would appreciate very much to provide me the link.
Team
=_= hummmmm, i see, it's no easy.
Ok, for the moment, I minimize the risk preventin hotlinking, I just found this: http://www.oxwall.org/forum/topic/13128
...and I apply, for sure. (I need to try now if is working).
Thanks Ross.
Leader
