Smugmug Private Photos are for Anyone to See

January 28, 2008

Apparently the popular photo sharing site Smugmug has a huge security hole that could allow anyone with a bit of common sense to access private photos on Smugmug. The basic problem here is that Smugmug uses URLs for public and private galleries in a way that can be easily guessed. And what's even more shameful is that the people behind the site are aware of this issue, but they seem to be too keen to say that this is intended behavior.

If seeing private photos via publicly accessible URLs is what you call intended behavior, then I have nothing else to say to the Smugmug team.

Let me take an example here: when I typed http://www.smugmug.com/gallery/1021 into my browser, I was looking at a collection of photos that were perhaps not meant for people like you and me to have a peek at. Of course Smugmug has other features like password protection, but I'm sure that most users would take password protection as an added trouble in making photos private. They probably think that by marking them as private, no one else except them could see it. But things don't work that way at Smugmug.
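The gap described above, between a gallery that is only unlisted and one that is actually access-controlled, shown as an added example that is not Smugmug's code or part of the original post. The gallery records, user names and function names are hypothetical.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Gallery:
    gallery_id: str
    owner: str
    private: bool
    allowed: set = field(default_factory=set)  # users the owner shared with


# Constructed sample data: one public and one private gallery.
GALLERIES = {
    "1020": Gallery("1020", "alice", private=False),
    "1021": Gallery("1021", "bob", private=True),
}


def view_unlisted_only(gallery_id):
    """Weak model: 'private' only hides the gallery from listings.

    Anyone who supplies the identifier gets the photos.
    """
    gallery = GALLERIES.get(gallery_id)
    return 200 if gallery else 404


def view_with_access_check(gallery_id, user=None):
    """Hardened model: a private gallery requires an authorised viewer."""
    gallery = GALLERIES.get(gallery_id)
    if gallery is None:
        return 404
    if gallery.private and user != gallery.owner and user not in gallery.allowed:
        # Same response as a missing gallery, so existence is not revealed.
        return 404
    return 200


def new_gallery_id():
    """Random 128-bit identifier for new galleries.

    Defence in depth only; it does not replace the access check above.
    """
    return secrets.token_urlsafe(16)
```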


Facebook Apps On Any Website : Smart Move

January 27, 2008

On Friday, Facebook announced yet another feature that could allow the developers of Facebook Apps to take them to the next level by creating apps that work on any website out there. All this is done through a simple JavaScript library that developers can use to display their apps on other websites.

Here is what Wei Zhu of Facebook had to say about the new library:

Since the library does not require any server-side code on your server, you can now create a Facebook application that can be hosted on any web site that serves static HTML. An application that uses this client library should be registered as an iframe type. This applies to either iframe Facebook apps that users access through the Facebook web site or apps that users access directly on the app’s own web sites. Almost all Facebook APIs are supported.

I have to say that this really is a good move considering the popularity that Facebook Apps have. If the developers could take it beyond Facebook and leverage the power of the Open Web, then it means a big win for Mark Zuckerberg and team.
