Highlighted

Adobe Portfolio password protection

Community Beginner ,
Jul 05, 2020

Copy link to clipboard

Copied

Hi, since Portfolio doesn't have a dedicated board anymore, I'll post this question here.

I have set a sitewide password on the portfolio site. Everything works fine, but I see that the assets are still publicly available, if you have the unique url. (ie: https://pro2-bar-s3-cdn-cf6.myportfolio.com/abdfa********************aecc71/0af*********************... where *s are alphanumeric characters). The url for each image can be found in web development tabs in chrome or Firefox.
Given it seems that the assets are not encrypted, are they safe from crawlers of any kind and search engine indexers? I don't want them to show up anywhere else on the web, and not being collected automatically by any other service.

 

 

Adobe Community Professional
Correct answer by Nancy_OShea | Adobe Community Professional

To be honest, I'm not sure what you're trying to protect.  Adobe stores assets on Content Distribution Networks just like 75% of worldwide websites do.  Since your site is password protected, your assets are safe as long as your site URLs & password are never released in the wild.  Simple as that.

 

Topics

Creative Cloud

Views

128

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Adobe Portfolio password protection

Community Beginner ,
Jul 05, 2020

Copy link to clipboard

Copied

Hi, since Portfolio doesn't have a dedicated board anymore, I'll post this question here.

I have set a sitewide password on the portfolio site. Everything works fine, but I see that the assets are still publicly available, if you have the unique url. (ie: https://pro2-bar-s3-cdn-cf6.myportfolio.com/abdfa********************aecc71/0af*********************... where *s are alphanumeric characters). The url for each image can be found in web development tabs in chrome or Firefox.
Given it seems that the assets are not encrypted, are they safe from crawlers of any kind and search engine indexers? I don't want them to show up anywhere else on the web, and not being collected automatically by any other service.

 

 

Adobe Community Professional
Correct answer by Nancy_OShea | Adobe Community Professional

To be honest, I'm not sure what you're trying to protect.  Adobe stores assets on Content Distribution Networks just like 75% of worldwide websites do.  Since your site is password protected, your assets are safe as long as your site URLs & password are never released in the wild.  Simple as that.

 

Topics

Creative Cloud

Views

129

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Jul 05, 2020 0
Jul 05, 2020 0
Community Beginner ,
Jul 05, 2020

Copy link to clipboard

Copied

Hi thanks. I submitted a ticket, but it was not strictly a problem, just a request for technical information. I don't need help using the product and the product is funcionting as expected.

This is message board stuff, not helpdesk stuff.

Why was the portfolio board shut down?

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 05, 2020 0
Adobe Community Professional ,
Jul 05, 2020

Copy link to clipboard

Copied

The Internet is all about sharing information.   Assets stored on a public facing website are accessible to everyone including search engines, robots and humans.  Don't publish anything online that you don't want to share with the world.

 

That said, Adobe Portfolio supports password protection of your entire site or single pages.  But everyone with the password also has access to the assets because that's how the web works.

 

If you think disabling right-click will protect your digital property, think again.  It's absolutely meaningless.  The best you can do to prove ownership is digital watermarking or barcoding.  See the Digimarc plug-in for Photoshop CC below.

https://helpx.adobe.com/photoshop/using/digimarc-copyright-protection.html

 

Nancy O'Shea, ACP
Alt-Web.com

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 05, 2020 0
Community Beginner ,
Jul 06, 2020

Copy link to clipboard

Copied

Maybe i was not clear enough.

I already set up passwords, and I don't care about people saving my files or not, if I gave them the passwords.

I was asking about network security for the storage servers, since the assets aren't encrypted. I am worried about bots and crawlers collecting and indexing images, not people. So I'm asking, are the media servers crawlable by bots, when my assets are password protected and the option for the search engine discovery is off in the options?

 

Thanks a lot.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 06, 2020 0
Most Valuable Participant ,
Jul 06, 2020

Copy link to clipboard

Copied

I think you are looking for something that does not and cannot exist. There is no special security that applies only to bots. And bots have no special privileges to let them get a list of pages.

Bots/spiders/indexers visit web sites. When they do so they are just like an ordinary web user with a browser. They connect and read a page they believe to exist. As they read the page they may find links, and the links may be added their list of pages to visit. That's it; starting with a few pages, eventually the whole public web gets visited.

So... if there is no link to your pages, a bot will not know they exist, and cannot visit. But if even one person mentions a link in another public page, or you put it in a user profile, or anything like that, the bots can visit and probably will. Of course bots do not know your password and cannot read what you protect in this way.

(Note: you may read of "robots.txt". This allows a site to ask bots not to visit. But (a) bots are entirely free to ignore this request (b) a site like Portfolio WANTS bots to visit and you cannot add your own pages to an exclusion list).

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 06, 2020 0
Community Beginner ,
Jul 06, 2020

Copy link to clipboard

Copied

We are coming close to the answer.
I know bots are stopped by passwords on the page and thus can't read the image urls on the page. That's not what I am asking.

What i want to know is if the crawling and indexing can be done "blindly" on the servers INDIPENDENTLY of the website pages, en-masse, on entire storage servers, on media asset directories which may include my files among the countless others.  Can a bot discover and crawl the directory structure in https://pro2-bar-s3-cdn-cf6.myportfolio.com/, or any other storage server? Maybe a normal bot can't, but a malicious one with proper tools can?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 06, 2020 0
Most Valuable Participant ,
Jul 06, 2020

Copy link to clipboard

Copied

What malicious software can do is anyone's guess. However, I suspect if someone has the dark web tools to hack into document servers, they aren't doing it so they can make public indexes...

Otherwise spiders can only do what you or I can do, but more quickly. You posted a link which takes me to an error message, but if it went to a directory listing, a bot would see it. A web site might be invisible to bots, but be exposed because you've asked a question in a public forum like this one, and so forth. If a server was unwise enough to have a public facing feature to get a list of all files, a bot could use it of course.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 06, 2020 0
Community Beginner ,
Jul 06, 2020

Copy link to clipboard

Copied

That's exactly what i'm asking here, do Adobe storage servers have a public facing feature to get a list of all files? Or as you put it - are they unwise enough to have it? And how can I know? As you saw, clicking on that link brought you nowhere, but it was just the url for one of my assets, truncated to exclude the file name.
So that server won't let the user list, but is this valid for all network actors?
You said bots can only do what users do, so I think i'm golden. Files on those storage server should be secure, at least as common cloud storage files such as ones on dropbox or gdrive.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 06, 2020 0
Adobe Community Professional ,
Jul 06, 2020

Copy link to clipboard

Copied

To be honest, I'm not sure what you're trying to protect.  Adobe stores assets on Content Distribution Networks just like 75% of worldwide websites do.  Since your site is password protected, your assets are safe as long as your site URLs & password are never released in the wild.  Simple as that.

 

Nancy O'Shea, ACP
Alt-Web.com

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 06, 2020 1