-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There's a glaring security hole in the way permissions are done with photos.
If I have a photo locked down so only I can see it, that means only I should
be able to see it. Not me and whoever else has the URL to the photo.
Flickr actually handles this very well, with guest passes and things like
that to allow specific non-users to see images people would otherwise not
want the general public to see. Another part to this is the sizes. I don't
want anything higher than the medium size available, but as it is now,
providing people with a link to the medium size might as well be providing
them with the links to all sizes, as all they need to do is append letters
to the end and they get what they want. This wouldn't matter if I could set
up an option to not allow people to access those sizes, and have them
blocked even if they get the URL right. I realize that I can limit the
damage by not giving out URLs to private images and only uploading a maximum
height or width of 500px, but that doesn't change the fact that the way it's
done now is wrong, and needs to be fixed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
iD8DBQFH0g5MR+qfHKe01Q4RAsbiAKCuKl+0ApZHOo06q+Iwcq6U/zT1cwCfbrZV
wFc+YURYU6dRPkEVc4ob8QI=
=CGYu
-----END PGP SIGNATURE-----
