Secure access to restricted image files via the thumbnail
Guest users are able to access restricted image files via the thumbnail.
When the institution has specifically restricted access to files, then guest users should not be able to view or download the file.
However, for images, Leganto creates a thumbnail which is visible to guests. Worse than this, if the user right clicks the thumbnail they can then view or save the image file.
This is a breach of the security configuration and may infringe copyright or permissions for use of the image.
We would expect that for guests (or signed-in users who are restricted (eg. not a student in the course) the thumbnail should be obscured, and certainly the download or view in another tab, or save as options should be deactivated.
This is available in the December 2023 release, as part of the overlay view for images.
-
AdminMiriam (Leganto BA, Ex Libris) commented
Hello,
In the new UI we will remove the thumbnail for images, we will add an icon instead.
Thanks,
Miriam, Leganto product owner -
Clinton Bell commented
I wonder if this means the images could be scraped by bots as well?
We aren't really doing public lists at the moment but it's something we may want to explore in the future. If the access permissions don't actually work properly that may be a barrier to using this feature.