|
Joined: Dec 2006
Posts: 5
stranger
|
stranger
Joined: Dec 2006
Posts: 5 |
In the version 6.5.5, admin CAN read Private Messages of any member, correct?
The member wouldn't know, right?
They could also make changes to a member's profile, right?
Thanks.. good info to know before I buy.
|
|
|
|
Joined: Jun 2006
Posts: 3,839 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Jun 2006
Posts: 3,839 Likes: 1 |
Only by becoming that user and yes they would know, as it would show up as read.
As a rule, I never read members PM's - I have no need to.
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
Well you could read it directly from the database tables to, but I agree. Why? If you're that bored you need to get a life.
I've been Admin of e-mail for years and not once read other peoples mail even though you "could". Need to have some internal ethics if you're going to be in a position of power.
.
|
|
|
|
Joined: Dec 2006
Posts: 5
stranger
|
stranger
Joined: Dec 2006
Posts: 5 |
Thanks guys. I TOTALLY agree with having ethics as an admin and one must really consider if they are up to it before taking it on. There was this stepmother support board I used to be on where the admins were doing that(becoming the user and reading PMs and changing profile info) and well, I have strong feelings about that and thought it was awfully wrong of them to do, but it's their board, their rules. Oh well.
Thanks for the info.
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
Even if the forum didn't have the ability to "become this user" and read messages/change data, they could always update information and read it through the database.
I think a great security measure would be to encrypt pm's usng one of the several available php methods, but you must keep in mind that sometimes validating info in pm's is a nessessity (immagine if you will someone harassing another user, if things where encrypted you'd be sol).
I think encryption of PM's though would be a first in bulletin board standards, i think it could be kinda cool lol
|
|
|
|
Joined: Jun 2006
Posts: 3,839 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Jun 2006
Posts: 3,839 Likes: 1 |
ecryption would be bad IMHO
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
Why? Think of it, passwords are md5ed for security, PM's would be the same; SHA is a two way algoritm, unlike MD5 which is one way. You could decode the pm's as an admin or user viewing the pm, however some random guy who rooted your machine can't just view pm's or passwords in plain text... just a thought in any reguards though
|
|
|
|
Joined: Jun 2006
Posts: 464 Likes: 1
Addict
|
Addict
Joined: Jun 2006
Posts: 464 Likes: 1 |
Couldn't you create sub administrators using permissions found in the moderator section.
In the future Rick it might be a good idea to have a master admin capability that can create sub admins that can only create forums, normal maintenance routines but do NOT have access to user data other then being able to ban and or resend password etc.
This type of model would also create separation of duty on the forums making them Sarbanes Oxley compliant. You would get more corporate sales then.
Not sure just thinking out loud here. Security is something that could be a super strong selling point with the above described parameters being completely configurable.
Happy Customer !!!
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
Oh god, don't get NT going
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
hehe ROFL - just got my license in the mail today so I'm entitled to post more now Someone has to get Rick back up off the couch and quit acting like he's still sick. . .
|
|
|
|
Joined: Jun 2006
Posts: 684
Addict
|
Addict
Joined: Jun 2006
Posts: 684 |
Too late.
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
Okay I'll leave for now - I see where I'm not wanted
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
I gave him soup and an injection of adrenaline to the heart, he'll be coding for weeks! :x
|
|
|
|
Joined: Jun 2006
Posts: 684
Addict
|
Addict
Joined: Jun 2006
Posts: 684 |
We want you keep going. No complaints here.
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
Okay I'll leave for now - I see where I'm not wanted harold, see what you've done :x
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
We want you keep going. No complaints here. scaring off the fresh meat...
|
|
|
|
Joined: Jun 2006
Posts: 684
Addict
|
Addict
Joined: Jun 2006
Posts: 684 |
Going on the board, not leaving.
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
Going on the board, not leaving. haha, i'd hope so.... driving off the meat is bad, very bad, mmmkay? lol
|
|
|
|
Joined: Jun 2006
Posts: 684
Addict
|
Addict
Joined: Jun 2006
Posts: 684 |
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
LOL
Still around, had to work on another site. Now maybe time to play an old favorite StarCraft to wind down.
.
|
|
|
|
Joined: Jun 2006
Posts: 9,242 Likes: 1
Former Developer
|
Former Developer
Joined: Jun 2006
Posts: 9,242 Likes: 1 |
Someone has to get Rick back up off the couch and quit acting like he's still sick. I wish that was the case Even when I'm sick I still work, just from my laptop instead of my desk I'm the hardest working man in the discussion board biz
|
|
|
|
Joined: Jun 2006
Posts: 464 Likes: 1
Addict
|
Addict
Joined: Jun 2006
Posts: 464 Likes: 1 |
Well the security rules and authentication would stay with UBB. but it would be nice to store user data at least login and PW in LDAP or some other enterprise authentication method should the need arise. It would be an extension script if anything.
Happy Customer !!!
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
No I'm not thinking of LDAP that is overkill to me.
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
Rick, still sick? nt; you said you wanted security
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
Yes I do, but from the MySQL not LDAP which almost no one will ever have unless they have their own server and have set it up, so I don't see that really ever happening.
.
|
|
|
|
Joined: Feb 2007
Posts: 57
journeyman
|
journeyman
Joined: Feb 2007
Posts: 57 |
I could use the ability to read PMs (easier). Unfortunately, we can get some pretty nasty people on our site -- some of which HAVE caused personal problems in real life. It takes continual monitoring to be keep the site clean. At the same time, our site notes in the registration that "Private Messages may be monitored if necessary to protect board members.". Of course, we only read PMs when there is a problem.
RnJpZW5kc2hpcCB3aXRoIHRoZSB3b3JsZCBpcyBob3N0aWxpdH kgdG93YXJkcyBHb2QuICBKYW1lcyA0OjQ=
|
|
|
|
Joined: Aug 2006
Posts: 1,649 Likes: 1
Pooh-Bah
|
Pooh-Bah
Joined: Aug 2006
Posts: 1,649 Likes: 1 |
Threads makes it very easy, in the extreme cases where you'd need to review another member's private messages...
GangsterBB.NET (Ver. 7.6.1.1) PHP Version 5.6.40 / MySQL 5.7.23-23 (was 5.6.41-84.1) / Apache 2.4.54 2007 Content Rulez Contest - Hon Mention UBB.classic 6.7.2 - RIP
|
|
|
|
Joined: May 2007
Posts: 145
member
|
member
Joined: May 2007
Posts: 145 |
Hi there, I don't exactly know what you mean by threads making it easier to read PMs.
I'd like to be able to check my entire community of PMs weekly to ensure a cleaner environment.
I've already experimented and know that I can go to: cp-->member mgmt-->enter a display name & submit-->click the username link-->click "Become This Member" button-->click "My Stuff"-->click "My Messages" and then view the users mail messages and delete whatever I feel needs to be deleted.
Is there a faster way? Indeed, using this method would take multi-hours to complete even if the community was small.
I read in one of the ubb forum posts that an admin could view the PMs using phpadmin. I will try this today and see if I can view a bulk of PMs for the community instead of for each user.
I'm listening close if you have any suggestions or information to help here. Thanks.
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
This is the only way of doing that, however it can be seen as a large security/privacy issue. Myself I'm pushing for "notify an admin"/"report spam" features for PM's for just this type of thing, as it'd ensure user privacy. Also, your members will know you read their pm's if unread pm's come up as read also, viewing pm's via phpmyadmin is a waste of time; nothing beneficial, and it'd actually take longer.
|
|
|
|
Joined: May 2007
Posts: 145
member
|
member
Joined: May 2007
Posts: 145 |
Bummer. Well, thanks for the supportive answer. At least I know I can take a peek if I need to. Also, I posted a notice so users are not surprised if their messages are monitored periodically for a safer environment. Check this out. http://www.shorthandclasses.com/com...=cc633ac07b32ce422271d89170bd4c92#Post70Please let me know if I have misinformed them or could say it better another way. I really think it's best the users KNOW this will take place than continue to think it's really private to the owner and admins.
Last edited by Trixie; 05/27/2007 8:05 PM.
|
|
|
|
Joined: Jul 2006
Posts: 4,057
|
Joined: Jul 2006
Posts: 4,057 |
1. whack that total down to 50 2. Why mention that your monitoring them? You probably wont, as there will be that much going on. Start posting things like monitoring pm's if and when it becomes a problem. Normally its the few spoiling it for the many. Personally i respect that a private message is a private message, and wait for a member to post the contents of any abuse. If you must post that, then add it in your forum rules, and then if they step out of line, there banned the reason is in the forum rules You don't have another way of ensuring that they have read your rules unless its in the forum rules.
BOOM !! Version v7.6.1.1 People who inspire me Isaac ME Gizmo
|
|
|
|
Joined: May 2007
Posts: 145
member
|
member
Joined: May 2007
Posts: 145 |
Thanks Mark. Yep, this posting can only be viewed in the "Board Rules" forum. I didn't think about users violating posted Board Rules" for all forums. I guess because I'm still typing them all out! It takes a lot of sit-down time to type out a variety of forum training helps for all who register. Wish we had a manual already. Don't get me wrong...I AM thankful for the FAQ question/answer link.
|
|
|
|
Joined: May 2007
Posts: 145
member
|
member
Joined: May 2007
Posts: 145 |
Okay, I appreciate the suggestion to lower the PM total from 150-200 to 50. And I'll do that pretty quick. As far as mentioning users being monitored, I think you're probably right. So instead, I could post a statement that PMs CAN be monitored upon a member's notification (to the admin) of another suspected user's content abuse. Is this better?
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
Sounds much better that way... I mean, if an abuse claim comes up you do *have* to check it out afterall ... And yeh, if you worry about space, keeping th emax # of pm's low is a godsend...
|
|
|
|
Joined: Jun 2006
Posts: 464 Likes: 1
Addict
|
Addict
Joined: Jun 2006
Posts: 464 Likes: 1 |
Not to mention if you setup ADMIN logging you can see a list of what the admins have been doing including loginas "another user name here"
There is no getting around it and you can nail people doing this kind of stuff immediately.
Happy Customer !!!
|
|
|
|
Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
|
Former Developer
Joined: Apr 2007
Posts: 3,940 Likes: 1 |
if you want to review the latest PMs in phpMyAdmin, just paste this: SELECT t2.TOPIC_SUBJECT AS Subject,
t3.USER_DISPLAY_NAME AS PMer,
t1.POST_BODY AS Body,
FROM_UNIXTIME( t1.POST_TIME,'%M %e, %Y - %h:%i %p') AS PMOn
FROM ubbt_PRIVATE_MESSAGE_POSTS AS t1,
ubbt_PRIVATE_MESSAGE_TOPICS as t2,
ubbt_USERS as t3
WHERE t1.TOPIC_ID=t2.TOPIC_ID AND t1.USER_ID=t3.USER_ID
ORDER BY t1.POST_TIME DESC
LIMIT 50 into a query (where ubbt_ is replaced by your board's prefix, limit 50 can be changed too) window. this will display the most recent xx (50 for this example) PM replies (messages). you could even save this in your Cpanel, DB tools, queries stuff, but then ALL admins have the ability to use it. just an fyi
|
|
|
|
Joined: Jul 2006
Posts: 4,057
|
Joined: Jul 2006
Posts: 4,057 |
we really do need an Advanced SQL Forum (Admin Section) for these Advanced queries, which can be so helpful. As fixes and repairs too. Thanks Sir Dude as i bow
BOOM !! Version v7.6.1.1 People who inspire me Isaac ME Gizmo
|
|
|
|
Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
|
Former Developer
Joined: Apr 2007
Posts: 3,940 Likes: 1 |
agree, to an extent. i actually filter out the queries in the admin panel, before letting them execute. ie: no update, delete, select into, alter bla bla stuff. but the select queries can be real helpful. eg: select all the themes and rank them by popularity and generate a list that can be included between [ list ] tags in a post, to allow the users to see what's both available and popular and the links automatically click to a preview of said style. that saves me tons of time and users like to see where their favorite style is in the standings etc, but the admins (without that) are too arsed to keep updating the list manually. oh and i bow back to you
|
|
|
2 members (Ruben, SenecaFlyer),
929
guests, and
67
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|