I was looking at the network request/response made by photos.google.com. When I clicked on an album, as expected, the server just returned a list of photo IDs in the album and the cdn url to download the photos. Then my browser made another request(s) to Google CDN using the urls returned earlier and downloaded the photos.
The CDN url looked something like (intentionally modified to post here):
https://lh3.googleusercontent.com/rpFgzMwheqshfkwelrklsjfkwejjlfjlsjfjsfjweojjsf
When I pasted the url in browser, it was able to download the photo even when I was not signed in.
So how does Google does access control at the CDN level? Does that mean I can access any photo of anyone if I know the random key at the end (I understand it's impossible to guess because it's a really really long random string)? How does Google generate this really long random url for each resource and maintain the mapping?
Assuming you're asking about user profile pictures, yes they can access them. Google has an official API for this.
Related
My question is same as the link :
How to use Google Analytics to track views of static HTML pages on file server?
It requires me to input the website with the http and https, but my static file is using local path,
how can I input the website URL?
Also, I cant find the tracking info under the property, so please help and thanks for answering the questions!
This URL is required but it is not decisive for the functioning and data collection in Google Analytics, so you can enter whatever you want to proceed with the setup.
You can find measurement ID by selecting the stream in Data stream.
We have a website that contains encrypted user information in the URL. For example:
www.mysite.com/default.aspx?xs=ew0KICA
Our client reported Bing.com is coming up with that full URL (including the encrypted user information) and is allowing data to be viewed without logging in. How can I prevent Bing (or any search engine) from returning the URL with the user information?
Also, please note that I did not design this site so I'd ask you to avoid comments such as "you shouldn't pass user information that way." It's not how I would have done it, but I need to fix it with minimal time allocated to me to do so. I just need some help figuring out why Bing did this and how to stop it. Thanks!
I am sending an marketing Email attaching an image or PDF URL.
Is there is any way to track how may users viewed/clicked this page via google analytics ? I could see the number of page view who accessed html pages but seeking for a way to find how many of them accessed image or PDF URL?
Including a link directly to a pdf or image will simply open the resource without JavaScript tracking or cookies required for Google Analytics.
You would need to send a GA hit from your server in response to the request for those files - neither trivial nor recommended in this case
Rather send the link to a page on your site containing the content.
Tracking that in GA is trivial and is likely already set up on your site.
If you need to have the content in a PDF rather than on the web page directly, have a link to the PDF and track that as an event or Virtual Page View
I would also recommend tagging the link in your email with GA UTM Campaign Parameters to identify the traffic from that link
If your question is about tracking the email itself, please restate the question.
all I am trying to create Google Analytic clone. I know how to get information about the browser location IP and other similar things in PHP
What I want to know is how to create a java-script which sends this information from any website where my code is placed on my server ???
What is the minimum security requirement to create a tracking JavaScript code like google analytics?
redirect users to different pages based on session data in PHP?
Or in other words, do I have to send an ajax request to my server?
Is there any available solution already available subject to java-script?
Most analytics tools generate a url with query string parameters attached to it and then output a 1x1 image pixel, with the img src as the url. Your server would then receive and store the data. The only thing returned is the actual 1x1 pixel. This is the common method because in the event a site does not have js enabled, you wrap a hardcoded img to your server in noscript tags and still get basic info like page view.
But is there a reason why you are wanting to build your own analytics script instead of use an existing one? There are a number of 3rd party ones available, including free ones. Alternatively there is Piwik, which is a free and open source solution if you want to build off it and not have to start from scratch.
Here's the scenario:
I have a mailing list that contains a PDF download link. The PDF contains ads with clickable links. I need to get analytic data on the link clicks - preferably via Google Analytics (due to the richness of information available).
The solution I have in mind is for the link to go to a web page that I host with some sort of ad-specific token. GA records the request and then I use a client-side technique to redirect to the actual target URL. The redirect page serves no purpose other than to track the click and so I'm not worried about it being perceived as cloaking by search engines.
What I want to know is:
Are there any alternative ways to achieve the tracking without using an intermediate redirect page (could I perhaps call GA server-side somehow)?
If I do use the redirect page approach, what are potential pitfalls could I encounter?
Thanks in advance for any advice.
dunno what server-side environment/language you use but for instance in php you can use cURL to send an image request to google, with the custom code appended to the url. Easiest way to do it is to output the code with javascript with your custom code and then capture the image request url with a sniffer, so you can replicate the format for your cURL request. Make sure to send header info, including fake browser info so GA doesn't weed it out as a bot. Then forward to the ad url. That way you don't need to output a page.
Yeah you still have a 'redirect' happening but you cut out having to have the client download a page or worry about javascript being disabled, etc...
unfortunately there really isn't anything better you can do.