Skip to main content

Your Blog, Permissions, and Token Based Access

Those of us who carefully control access to our blogs - whether granting read access to only certain friends, or providing author or alternate administrator status to our most trusted friends - use the Settings - Permissions wizard to grant and monitor the access. Not everybody knows how our friends are granted access though, and that may be part of a major flaw in controlling access.

Take a look at the email, that your friends get, when you grant access to one of your blogs. In it, you'll find a message with a clickable link (details masked here, to protect the innocent)
The Blogger user xxxxxxxxx has invited you to read the private blog: xxxxxxxxxxxxxxx.

To view this blog, visit:
http://www.blogger.com/i.g?inviteID=nnnnnnnnnnnnnnnnnnn&blogID=nnnnnnnnnnnnnnnnnnn

You'll need to sign in with a Google Account to confirm the invitation. If you don't have a Google Account yet, we'll show you how to get one in minutes, or you can view the blog as a guest for up to 30 days.
Do you see the link?
http://www.blogger.com/i.g?inviteID=nnnnnnnnnnnnnnnnnnn&blogID=nnnnnnnnnnnnnnnnnnn


That link contains a component called, in security context, a token. You execute the token when you click on the link; and you gain access to the blog, when you execute the token.

One of the benefits from token based access is the ability that you, the prospective new blog member, get when you receive the invitation email from a friend. You can execute the token from any valid email address that you wish, simply by forwarding the email as you see fit.

Unfortunately, this is both a benefit and a drawback to token based access. Besides you forwarding the email to yourself, at another address, there's nothing stopping you from sharing the email with other friends. Or, even posting it in a public forum.
Question: If my blog is configured to be viewed only by authorized people, how come anyone can see it, by clicking the link:

http://maumau44.blogspot.com/?guestAuth=_O7DZR0BAAA.VmQii4g5EwTaF6pOh...


You, the blog owner, have to be able to trust your friends. Don't make your friend a member, if you can't trust him to not share access with others.

>> Top

Comments

Popular posts from this blog

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.

Help! I Can't See My Blog!

I just posted to my blog, so I know that it's there. I can tell others are looking at it. But I can't see it.

Well, the good news is you don't have a blog hijack or other calamity. Your blog is not gone.

Apparently, some ISPs are blocking *.blogspot.com, or maybe have network configuration or infrastructure problems. You can access Blogger.com or you can access Blogspot.com, but you can't access nitecruzr.blogspot.com, or bloggerstatusforreal.blogspot.com.

You can't access them directly, that is. If you can access any free, anonymous proxy servers, though, you may be able to access your blog.

Note: You can use PKBlogs with the URL pre packaged. Here is the address of this post (with gratuitous line breaks to prevent the old post sidebar alignment problem):
http://www.pkblogs.com/bloggerstatusforreal.blogspot.com/
2006/07/help-i-cant-see-my-blog.html


And an additional URL, to provide to those suffering from this problem, would be the WordPress version of this post:
ht…