Friday, November 03, 2006

Blogger bug makes drafts public

I have an unpublished draft post saved to my Blogger account. Being "unpublished", you would think that no-one else can read it yet. Surprise! You can view it here. As you can see, I even posted a comment to it. Bizarre. It's still unpublished, at least. (That is, the item page does not exist.) But the content is publicly accessible, which Blogger drafts presumably shouldn't be. So the upshot is similar enough.

Blogger users take note: anyone can read your drafts if they learn the postID (and hence can load the comment window using a similar link to my above example).

Of course, it'd probably never happen in practice, since (1) how would a would-be spy find the right postID? and (2) who would want to read our drafts anyway?

Still, as a matter of principle, Blogger probably shouldn't be leaving our saved drafts out in public cyberspace like that, for anyone to stumble upon...

3 comments:

  1. On a more positive note, I guess it does mean that Ye Olde Blogger already has (in practice not theory) part of the new Beta functionality already -- namely, access control. If I want to write a post for private discussion, I can save it as a draft and then send the comment link to whoever I want to join in; nobody else will know where to go (or even that it exists). Of course, it's not really private, as lamented in the main post, but being hidden in the jungle of cyberspace is the next best thing...

    (Of course, this wouldn't work if you have a public comment feed or "recent comments" feature, as I do...)

    ReplyDelete
  2. Interesting that you have pop-up comments on your blog, but this page loads in all the brown n' orange glory of the full-screen blogger comments page....

    ReplyDelete
  3. Yeah, you can just remove the "&isPopup=true" bit from any of my comment links to get the full-screen version instead. I chose that here because pop-ups don't include the main post.

    ReplyDelete

Visitors: check my comments policy first.
Non-Blogger users: If the comment form isn't working for you, email me your comment and I can post it on your behalf. (If your comment is too long, first try breaking it into two parts.)

Note: only a member of this blog may post a comment.