Users claim that they can simply access photos in "protected" albums. Just open the source code and find a link to a "locked" photo.
Is this true? If so, it must be fixed.
Hello Ilja,
You are right, if a user browses the source of the page they will be able to see the URL of the photo. This happens because the Photo plugin adds meta tags for the sharing feature which drag and show the URL of the original photo file. I have reported this to the Oxwall team and we will jointly fix this issue.
Thank you for the report.
What is the status of the issue that Ilja has described? Will you soon have an update that will fix this?
Phil, the problem is not in the plugin, but in the Oxwall core. There is the meta info in the Oxwall software which grabs the image URL. Unfortunately, we cannot affect this functionality from inside of our plugin. That's why we contacted the Oxwall team and asked them to consider adding additional events to handle such situations.
P.S. Based on our experience, most users do not even know how to view the page source, so this problem is potentially not so harmful as we think. Anyway, we do our best to find a proper solution as soon as possible.
Thank you for understanding.
I also agree with Phil that it's not what buyers expect when they pay money, regardless of why this happens. If Oxwall core doesn't allow building a secure module, then it shouldn't be built and, especially, sold.
I appreciate that you are building plugins; keep doing so. I just hope you'll resolve the problem.
What's not clear to me is why you are referring to Oxwall. Aren't Skalfa and Oxwall the same people?)
Ilja, you are right, Oxwall and Skalfa are the same people. However, there are two teams which work on two different products. We distribute our plugins just like other third-party developers. It's the same as if any other plugin developer from the Store faced such an issue: they would have to contact Oxwall and wait till they implement this or that needed event. Unfortunately, we cannot affect the Oxwall roadmap and cannot force Oxwall to update their platform just because we need some functionality implemented. We understand the seriousness of the situation and will try to find an alternative way to solve this issue.
Thank you for the report and your patience.
Ilja, if by saying the "commentor wall" you mean the Newsfeed, then you are right, the item about the comment will show up on the user's profile, but the photo will be hidden by the lock image.
Here is how we tested it:
Here are three users: user A, user B, user C.
User A uploaded a photo and protected it with a password. User B entered the password and commented on the photo. User C opened user A's profile; he could see the item about the comment, but not the photo (see the screenshot). Meanwhile, user A and user B can see the photo, because user A is the photo owner and user B had entered the password.
Ilja, this problem has nothing to do with our plugin. We use standard methods and provide some of our own, so if a plugin developer wants their plugin to be compatible with ours, they should use the same methods. For example, the PayPal plugin: if someone wants their plugin to work with the PayPal plugin, they should use the functions and methods the plugin provides to make it work correctly.
In your case you need to contact the Profile Snippets developer and ask them if their plugin will provide the possibility to hide photos if the album is private.
From our end, all we can do is add to all our plugins' descriptions the information that we can guarantee that the plugin works with Oxwall core and all Oxwall/Skalfa plugins. But we believe that if you take a deeper look into how it all works, you will see that there is no need to add this additional info, since it would be insufficient for customers who have no idea how it works and annoying for others.
P.S. Usually, before buying our plugins, customers contact us directly and ask the questions about the plugins' functionality or compatibility with other plugins.
Regarding the disclaimer, as you know, this plugin is a sensitive one. Buyers want to be safe and therefore choose to pay you (as a respected developer) rather than take any free plugins from developers of doubtful reputation.
There are already 2 threats reported by me: "view source", which you point to the Oxwall core team, and using "Profile snippets", which you point to Sergey (also an Oxwall developer)... As you guys are also Oxwall developers, I'm really lost in understanding what is going on :)
Another problem: if the plugin doesn't provide the expected privacy level, it becomes useless. Even worse, it's complicated to uninstall it, as protected photos at that moment will become available to the public, which may cause very painful reputational damage for a site that relied on the plugin.
You're also right, we should ask the developers about functionality, but I'm not sure if you would provide this information at that moment, as you probably didn't even know about the privacy holes mentioned in this thread.
P.S. Please don't look at me as a problematic client spending just 25$. I just try to help improve quality, being a heavy Oxwall user and getting lots of feedback from our visitors. I hope my help will allow you to earn more cash by providing better services and quality.
Ilja, we really appreciate your feedback and reports. We do our best to solve the issues our plugin has, but sometimes our hands are tied and we should wait for Oxwall core release or Oxwall plugins release to solve some bugs or holes.
P.S. The security hole related to the meta info has been fixed. Now, if the image is protected by password, the image is not available.
Ilja, we've checked your report (point 2) on our demo site and everything works just fine. The photo appears for admin in the Newsfeed, also when the admin clicks on it and when the admin browses the album. Could you please provide us with the steps on how to reproduce this issue?
As for the comments - we've forwarded this to our product designers. Thank you for the suggestion.
Maybe have an admin option where he can set a password or NOT show for FREE members, or set both options.
I have an RSS feed that sends newly uploaded pics to our Facebook page. It is displaying private photos.
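
Added example (not part of the thread, and not Oxwall or Skalfa code): a regression check for the two leaks reported above, the sharing meta tags and the RSS feed. It scans what a viewer without the album password receives for references to protected photo files; the `og:image` property, file names, URLs and sample markup are constructed assumptions, since the thread only says "meta tags for the sharing feature".

```python
from html.parser import HTMLParser
import xml.etree.ElementTree as ET

# Attributes that can carry a URL in markup an unauthorised viewer receives.
URL_ATTRS = {"content", "href", "src"}

class _UrlCollector(HTMLParser):
    """Collects (tag, attribute, value) for every URL-bearing attribute."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.found.append((tag, name, value))

def leaks_in_html(html, protected_files):
    """Return (tag, attr, url) hits where a protected file name appears."""
    collector = _UrlCollector()
    collector.feed(html)
    return [hit for hit in collector.found
            if any(name in hit[2] for name in protected_files)]

def leaks_in_rss(rss_xml, protected_files):
    """Return titles of feed items that reference a protected file."""
    hits = []
    for item in ET.fromstring(rss_xml).iter("item"):
        blob = " ".join((el.text or "") + " " + " ".join(el.attrib.values())
                        for el in item.iter())
        if any(name in blob for name in protected_files):
            hits.append(item.findtext("title", default=""))
    return hits

# Constructed samples: what a viewer WITHOUT the album password receives.
PROTECTED = {"photo_original_41.jpg"}  # hypothetical file name
PAGE_BEFORE_FIX = """<html><head>
<meta property="og:image" content="https://example.test/userfiles/photo_original_41.jpg">
</head><body><img src="https://example.test/static/lock.png"></body></html>"""
PAGE_AFTER_FIX = """<html><head>
<meta property="og:image" content="https://example.test/static/lock.png">
</head><body><img src="https://example.test/static/lock.png"></body></html>"""
FEED = """<rss version="2.0"><channel><title>New photos</title>
<item><title>Public photo</title><enclosure url="https://example.test/userfiles/photo_7.jpg"/></item>
<item><title>Locked photo</title><description>&lt;img src="https://example.test/userfiles/photo_original_41.jpg"&gt;</description></item>
</channel></rss>"""

if __name__ == "__main__":
    print(leaks_in_html(PAGE_BEFORE_FIX, PROTECTED), leaks_in_html(PAGE_AFTER_FIX, PROTECTED))
    print(leaks_in_rss(FEED, PROTECTED))
```

The lock image hides the photo only in the rendered page, so the check has to cover every output that is generated from the same photo record: page head, body, feeds and any third-party plugin output.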