I came across the following problem with linking between 2 gedcoms on my site. I have a person who asked to restrict access to some persons. I added the privacy settings to "Privacy Sttings by ID" for this gedcom. But there is a link between some gedcom's, and Google has indexed this person through a remote site link.
When I access the ID directly there is no problem: the privacy message is shown. However, when accessing this person through the Google link, I am able to get the name of this person. Also, when accessing the husband of this person I am able to see the marriage and the children's names, which should also be protected. So it looks like the remote link does not obey the privacy settings of the remote site (which is also a local gedcom).
One other thing that I got my attention:
One setting that is different between the two gedcom is the "Show living names" setting. The local Gedcom has this set to "Show to public", the remote site has this setting set to "Show to authenticated users only". When accessing the remote site through the link I am able to see all the names, even though I am not logged in.
Can someone confirm this as a problem, or tell me where I made a mistake in setting up the remote links?
Another issue that also related to this is the fact that Google (and other search engines as well) index remote site links links. Would it be possible to remove the remote site links from the search engine pages, or to redirect search engines to the real pages instead of letting them index the pages through remote links?
I am using PGV 4.2, but did not see any mention of these issues with 4.2.1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
This belongs more under HELP than under open discussion, but what you are seeing is what was expected by the developers of this feature.
Remote linking basically causes the remote site to follow the privacy restrictions of the 'parent/requesting' site, the one from which you created the linked data, not the originating/host site. People and family data is 'sucked into' the requesting site and privacy rules that exist there are then applied. If you allow NAMES to public, then the remote site data will display under the same rules. It would be near impossible to apply the privacy restrictions of the remote site to the data and then request the data be transmitted to the requesting site - or there would be a substantial delay in processing.
This is the information provided me when John created the remote link option and I've found it to be true under all circumstances, without fail.
-Stephen
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hmm. I've just taken a very quick look at client.php. I'm not sure I follow the logic for when to apply calls to privatize_gedcom(). IMHO, it might be better to call it unconditionally on every fetch.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Greg
Sounds plausible to me. I never liked the way it was (wasn't) applied, but most of this was written by one of John's class projects and I'm not sure how familiar they were with other facets of PGV and how critical the application of privacy was to all the processes. Stephen
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I came across the following problem with linking between 2 gedcoms on my site. I have a person who asked to restrict access to some persons. I added the privacy settings to "Privacy Sttings by ID" for this gedcom. But there is a link between some gedcom's, and Google has indexed this person through a remote site link.
When I access the ID directly there is no problem: the privacy message is shown. However, when accessing this person through the Google link, I am able to get the name of this person. Also, when accessing the husband of this person I am able to see the marriage and the children's names, which should also be protected. So it looks like the remote link does not obey the privacy settings of the remote site (which is also a local gedcom).
One other thing that I got my attention:
One setting that is different between the two gedcom is the "Show living names" setting. The local Gedcom has this set to "Show to public", the remote site has this setting set to "Show to authenticated users only". When accessing the remote site through the link I am able to see all the names, even though I am not logged in.
Can someone confirm this as a problem, or tell me where I made a mistake in setting up the remote links?
Another issue that also related to this is the fact that Google (and other search engines as well) index remote site links links. Would it be possible to remove the remote site links from the search engine pages, or to redirect search engines to the real pages instead of letting them index the pages through remote links?
I am using PGV 4.2, but did not see any mention of these issues with 4.2.1
This belongs more under HELP than under open discussion, but what you are seeing is what was expected by the developers of this feature.
Remote linking basically causes the remote site to follow the privacy restrictions of the 'parent/requesting' site, the one from which you created the linked data, not the originating/host site. People and family data is 'sucked into' the requesting site and privacy rules that exist there are then applied. If you allow NAMES to public, then the remote site data will display under the same rules. It would be near impossible to apply the privacy restrictions of the remote site to the data and then request the data be transmitted to the requesting site - or there would be a substantial delay in processing.
This is the information provided me when John created the remote link option and I've found it to be true under all circumstances, without fail.
-Stephen
Hmm. I've just taken a very quick look at client.php. I'm not sure I follow the logic for when to apply calls to privatize_gedcom(). IMHO, it might be better to call it unconditionally on every fetch.
Greg
Sounds plausible to me. I never liked the way it was (wasn't) applied, but most of this was written by one of John's class projects and I'm not sure how familiar they were with other facets of PGV and how critical the application of privacy was to all the processes. Stephen