|
Joined: Aug 2007
Posts: 386
enthusiast
|
enthusiast
Joined: Aug 2007
Posts: 386 |
OK, I guess this is just my UBB questions day.
I'm an admin (yes that is scary). But, the owner of the company and the owner of the board is also an admin. I am going to assume that he has more capabilities than I do.
I get asked this question all the time by users:
Can the actual owner of the board see private messages?
Thanks.
Bert
UBB version 7.5.8 php version 5.4.22 MySQL version 5.5.36-cll
|
|
|
|
Joined: Jan 2004
Posts: 2,474 Likes: 3
Pooh-Bah
|
Pooh-Bah
Joined: Jan 2004
Posts: 2,474 Likes: 3 |
I also get asked this a lot. The answer is - not easily. (For reasons of conscience and coding.) However... It _ is_ possible. But it's not something most of us feel comfortable about. It is not part of the stock code that comes with any * forum. It is possible to write a MySQL query to examine any aspect of the database. This is something that an admin can do (assuming they have access to the 'Database Tools || SQL command'). Although, I suspect anyone doing this would probably not sleep well at night. * - that I am aware of, anyway...
|
|
|
|
Joined: Aug 2007
Posts: 386
enthusiast
|
enthusiast
Joined: Aug 2007
Posts: 386 |
Well, since he crashed the whole board trying to reset FTP admin privileges, I am going to assume he can't do it.
Thanks.
UBB version 7.5.8 php version 5.4.22 MySQL version 5.5.36-cll
|
|
|
|
Joined: Jan 2004
Posts: 2,474 Likes: 3
Pooh-Bah
|
Pooh-Bah
Joined: Jan 2004
Posts: 2,474 Likes: 3 |
heh - sounds like he may not be that 'switched on'.
|
|
|
|
Joined: Aug 2007
Posts: 386
enthusiast
|
enthusiast
Joined: Aug 2007
Posts: 386 |
UBB version 7.5.8 php version 5.4.22 MySQL version 5.5.36-cll
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
Well, he can just use the feature "Become User" and go read their PT's.
|
|
|
|
Joined: Apr 2011
Posts: 31
newbie
|
newbie
Joined: Apr 2011
Posts: 31 |
I don't understand why you would want to do this. I know of 2 forums that do that and it does not sit well with their members when they find out.
|
|
|
|
Joined: Jan 2004
Posts: 2,474 Likes: 3
Pooh-Bah
|
Pooh-Bah
Joined: Jan 2004
Posts: 2,474 Likes: 3 |
I don't think he does want to mate. It's the super-admin that Bert is concerned about.
|
|
|
|
Joined: Jun 2006
Posts: 81
member
|
member
Joined: Jun 2006
Posts: 81 |
As Gizmo points out, it is VERY easy as an Admin to read a member's PMs. It's a matter of ethics. If the Admin has none, expect that your PMs will be read. Which begs the question... How would you know if the Admin of any given forum has any sense of ethics? The answer for me is that I never say anything in a PM that I would get bent out of shape over if it got out. That is not to say I have never said anything bad about someone in a PM. It's just that I'd not be overly concerned if it got out and I just might say it in public if the topic were brought up there.
|
|
|
|
Joined: Aug 2007
Posts: 386
enthusiast
|
enthusiast
Joined: Aug 2007
Posts: 386 |
Thanks driv for clearing that up.
@Mike
That is good practice. But, the whole idea of Private Messages is that you say things in private you wouldn't say on the board. And, it doesn't necessarily have to be bad.
UBB version 7.5.8 php version 5.4.22 MySQL version 5.5.36-cll
|
|
|
|
Joined: Aug 2007
Posts: 386
enthusiast
|
enthusiast
Joined: Aug 2007
Posts: 386 |
Well, he can just use the feature "Become User" and go read their PT's. Never thought of that. Now that is scary.
UBB version 7.5.8 php version 5.4.22 MySQL version 5.5.36-cll
|
|
|
|
Joined: Jan 2004
Posts: 2,474 Likes: 3
Pooh-Bah
|
Pooh-Bah
Joined: Jan 2004
Posts: 2,474 Likes: 3 |
If you suspect 'foul play' you should not select the "Remember me on each visit" option.
Then at least, when you are about to log in, you will be able to see if you were 'logged in' - when you were away from your forum.... if you see what I mean.
|
|
|
|
Joined: Aug 2007
Posts: 386
enthusiast
|
enthusiast
Joined: Aug 2007
Posts: 386 |
So the person who "became you" would not be able to log you off?
UBB version 7.5.8 php version 5.4.22 MySQL version 5.5.36-cll
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
The answer for me is that I never say anything in a PM that I would get bent out of shape over if it got out. +1
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
So the person who "became you" would not be able to log you off? I don't think it invalidates your cookie
|
|
|
|
Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
|
Former Developer
Joined: Apr 2007
Posts: 3,940 Likes: 1 |
giz is correct. you aren't affected
|
|
|
|
Joined: Jun 2006
Posts: 81
member
|
member
Joined: Jun 2006
Posts: 81 |
Edit. The following was being typed as SirDude and Gizmo responded.That last is not exactly correct according to my understanding. A topic such as this can lead to a bit of a mind twister. Excuse me if the following starts to sound like circle logic. If you log off on your last visit, you do not have the cookie set on your computer that keeps you logged in. Thus even IF an admin becomes you via the control panel and does not log "you" off, it does not matter to your perspective. Or more accurately, your computer's perspective. You will still need to log in when next you visit as you do not have the cookie set that keeps you logged in. However, this is a bit moot. As the unscrupulous Admin who becomes a user for the purpose of reading PMs will need to log off so that they can log back in as their self to have their normal access. Clear as mud? Another aspect is that when an admin becomes a member, it will show to all the other members that you are logged in. It could get back to you that you were seen logged in at that time when you know you were not. Further, if you were to look, you could also see when you were last logged in and know that the time/date is not correct. Bert, I know what you mean about defeating the purpose of a PM. Perhaps I show my nature by using an example of bad-mouthing someone. It might well have been some other example where you would not want the info to enter the public domain even if not derogatory. Still, it is the nature of online forums that you really need to be careful of what you disclose even in a PM. There is no reasonable expectation that the admin of any given forum is an IT professional with strong ethics. This is not to say that only IT professionals have ethics, nor do I contend that all IT folks are ethical. A side note is that I am constantly amazed at what folks will reveal on a forum totally out in the open. I myself am just a tad more circumspect. My point is that I never disclose something on a forum that I do not control if I would not want the communication to be viewed by others. If you have something where privacy is tantamount, take it to a medium you have more confidence in. Lecture mode off.
Last edited by Mike L; 11/14/2011 7:21 PM.
|
|
|
|
Joined: Aug 2007
Posts: 386
enthusiast
|
enthusiast
Joined: Aug 2007
Posts: 386 |
Excellent review. And, this doesn't even count the PM where another is invited, and yet you only see the person who started it. That nearly happened to another user on our board. Actually, it did happen, she just hadn't said anything bad about that person.
UBB version 7.5.8 php version 5.4.22 MySQL version 5.5.36-cll
|
|
|
|
Joined: Jul 2005
Posts: 45
newbie
|
newbie
Joined: Jul 2005
Posts: 45 |
Another point that is worth mentioning that relates to Become This Member, is that Admin team members have the ability to see the actions of other admin team members within the Admin logs. If an admin needs to troubleshoot a problem for a member, that actually requires becoming them, it will appear in the logs. If you use the function, you become someone, troubleshoot and get immediately back out again.
I think that matters of privacy and the integrity of the admins is the most important thing to consider when inviting someone on to the team - you have to know you can trust them with the privacy of your membership.
On our board, we are committed to respecting and safeguarding people's privacy and there is no circumstance under which we would violate that trust. I wouldn't want to belong to a board that did! If our members didn't feel that they could trust the admin team, then I don't think they'd stay on very long. I guess that may depend too on the type of board (but it is particularly important on ours, which is a health-related site).
|
|
|
|
Joined: Aug 2007
Posts: 386
enthusiast
|
enthusiast
Joined: Aug 2007
Posts: 386 |
Thanks. I don't think it would happen on our board either. Not that this is anything that would concern you guys and it is a tiny bit off topic, but there has been some politics between the company and the customers. One thing that happened recently was a permission change in the CP. I was the first user on the board and have been the admin for quite a long time. A global mod from the company was added. (I won't go into the suspected reasons). Anyway rather than making her an admin, which would be strange, the owner simply changed what were all 0s next to GMs to 1s, thereby in effect, making her an admin.
This does all tie together with the lack of trust, although I still do not think the owner would check the PMs.
Sorry, if this is way off topic. Thanks for all the help.
UBB version 7.5.8 php version 5.4.22 MySQL version 5.5.36-cll
|
|
|
|
Joined: Jan 2008
Posts: 514
addict
|
addict
Joined: Jan 2008
Posts: 514 |
No not off topic. My board is by no means as significant as some people's are here. I am one of 3 admins (I am the owner), but I take very serious the power of the admin rights and I have my admins sign (physically) a waiver that they will not, unless asked, become another member to fix an issue....and even then the other 2 admins assigned ask me first. I take our people's privacy seriously and do not allow anyone to read pm's... My policy...if you absolutely have to then do so AND GET OFF THE ACCOUNT there is no need to look any further than that. IMO. It is a moral and ethical issue and most forum board owners and admins (that I know) have the integrity not to do something like read another's pm.
Dunny
|
|
|
|
Joined: Mar 2008
Posts: 262
enthusiast
|
enthusiast
Joined: Mar 2008
Posts: 262 |
I agree it is a moral issue too. I was the systems admin for a large company, and I could have read the presidents email if I wanted, but would I no. We have 3 admins on our board and I do not think any of them would ever read a members PM's
|
|
|
|
Joined: Jun 2006
Posts: 1,344
veteran
|
veteran
Joined: Jun 2006
Posts: 1,344 |
I let the other admin and owner know if I ever caught them login as another user that I will pull their access. Even technical issues that may require me going into their account I request the user to change password to a temp one and I will login that way, with their consent and help.
|
|
|
Bots
by Outdoorking - 04/13/2024 5:08 PM
|
|
|
|
|
|
0 members (),
484
guests, and
138
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|