QuMagie facial thumbnail ignore access permission and leak privacy information

Please post your questions about using the web-based Photo, Music, Video Stations here.
Post Reply
comicfans
New here
Posts: 2
Joined: Thu Mar 15, 2018 3:47 pm

QuMagie facial thumbnail ignore access permission and leak privacy information

Post by comicfans »

I've seen bugs in QuMagie and PhotoStation

1. QuMagie show facial thumbnail even such photo only included in photostation. for example:
Multimedia Console config QuMagie to scan public dir only, and config PhotoStation to scan both public + privacy dir
now open QuMagie (from mobile), facial album will shows thumbnail of photo only in privacy, while clicked in such ablum
the thumbnail photo won't show here, confusing.

2. Such thumbnail even ignore user access permission check, for example my user to access QuMagie is deny from access privacy dir,
but the thumbnail may still be a photo from privacy, that leaks user privacy information ,badly.

Seems that QuMagie and PhotoStation shared the same facial result and even the same thumbnail across different user (whom even with different access permission), this breaks user permission, leak sensitive privacy information and makes QuMagie/QPhotostation completely useless for multi-user environment.
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: QuMagie facial thumbnail ignore access permission and leak privacy information

Post by dolbyman »

best to report/complain to qnap via ticket...qnap does not come here to read your post
Last edited by dolbyman on Fri Jun 25, 2021 10:49 pm, edited 1 time in total.
comicfans
New here
Posts: 2
Joined: Thu Mar 15, 2018 3:47 pm

Re: QuMagie facial thumbnail ignore access permission and leak privacy information

Post by comicfans »

Thanks for suggestion
Theliel
Know my way around
Posts: 124
Joined: Tue Jun 12, 2018 4:52 am

Re: QuMagie facial thumbnail ignore access permission and leak privacy information

Post by Theliel »

Yes, are easily reproducible, I'd already reported time ago and both are "confirmed". The same its for Event Albums or Labels, not only faces
Post Reply

Return to “Photo Station, Music Station, Video Station”