Jump to content


Photo
* * - - - 3 votes

Log in... as some members (threat to privacy)


  • Please log in to reply
51 replies to this topic

#1 Axel Wers

Axel Wers

    Senatus Populusque Romanus

  • +Clients
  • 3,743 posts

Posted 21 April 2012 - 03:58 AM

In 3.3.x we have a new feature, via ACP I can login on board as desired member and check his/her permissions on board etc.

OK, pretty good, it can be usefull.

But in this case I have complete control over member's account what include reading of private messages.

Is that OK? I think some categories shouldn't be accessible for admin. What do you think?

FreeSpace - FreeSpace Forum - Twitter - Facebook - WebMiesto
 
Axel Wers, on 28 Nov 2012 - 7:22 PM, said:
iArcade should be regular app in IP.Suite. Currently IPB looks much more social network than common forum. And games are very popular in social networks.


#2 Kyle.

Kyle.

    Behold my darkness as I shun upon you.

  • Members
  • PipPipPipPipPip
  • 812 posts

Posted 21 April 2012 - 04:16 AM

While it is an invasion of a members privacy, however is useful to check PMs IF that member was reported for PM advertising etc. (If you have a strict rule against PM advertising).

dng_banner.png


#3 Misi

Misi

    Spam is good!

  • +Clients
  • 719 posts

Posted 21 April 2012 - 04:43 AM

Access to private messages should be disabled permanently.
Is the admin itching to read them? There is phpmyadmin for that purpose.
  • Pereira likes this
This signature is not a signature!

#4 dean84

dean84

    Advanced Member

  • Members
  • PipPipPipPip
  • 342 posts

Posted 21 April 2012 - 04:50 AM

They ain't personal messages though are they, they are only conversations, so that you can chose to speak to someone that way other than via the forums.

If we get reports of a user abusing the conversations system, ie threatening and abusive language. We need the ability to check it out, as we won't act unless we have proof.

#5 Kyle.

Kyle.

    Behold my darkness as I shun upon you.

  • Members
  • PipPipPipPipPip
  • 812 posts

Posted 21 April 2012 - 05:15 AM

They ain't personal messages though are they, they are only conversations, so that you can chose to speak to someone that way other than via the forums.

If we get reports of a user abusing the conversations system, ie threatening and abusive language. We need the ability to check it out, as we won't act unless we have proof.

But then again, the member being "abusive" could just delete the conversations history on his/her end. :o

dng_banner.png


#6 Hunting insects...

Hunting insects...

    Spam Happy

  • +Clients
  • 577 posts

Posted 21 April 2012 - 08:47 AM

Access to private messages should be disabled permanently.
Is the admin itching to read them? There is phpmyadmin for that purpose.


They are not and never were "private" messages and as you you point out may be accessed via the database anyway. Nothing has really changed...
  • AlexJ and TaffyCaffy like this

Pray that there's intelligent life somewhere out in space
Because there's bugger-all down here on Earth.


ip-forum & ip Web Shop

eBay shop


#7 Aiwa

Aiwa

    I code for fun

  • +Clients
  • 8,469 posts

Posted 21 April 2012 - 09:25 AM

The only private messages anyone have on my board are the ones NOT on my board.

Just like forum topics, all information becomes the property of the board owner.

Nothing is private unless it is encoded in the DB. so passwords are still private.
  • AndyF likes this

My Files and Support: aiwa.me

Have a gaming community?           Need Nexus Add-ons?                    Security

-Steam Profile Integration         -Automatic Ticket Creator              -Force password Reset

-Battlefield 4 Profile Integration -No Renewals (Sell trial memberships!) 

                                   -Support Request Menu

 
 
 


#8 AndyF

AndyF

    iQA4u

  • Members
  • PipPipPipPipPipPipPipPipPip
  • 26,914 posts

Posted 21 April 2012 - 09:28 AM

You can always just ignore the newer feature. :) Ultimately there was a third party hook to do this on older versions anyway and its not that difficult to either read things in the db and / or temporarily change details to login as whatever member.
  • Aiwa likes this

#9 Axel Wers

Axel Wers

    Senatus Populusque Romanus

  • +Clients
  • 3,743 posts

Posted 21 April 2012 - 09:45 AM

Ultimately there was a third party hook to do this on older versions anyway and its not that difficult to either read things in the db and / or temporarily change details to login as whatever member.

Yes, but there is something different.

You can use that hook or check PMs via phpMyAdmin - and NOBODY knows it

But when I will login via this new feature nick of that user (who currently I control) is visible in online list.
And someone other can see it and will ask that member:
"Hey were you on board yesterday evening?"
"Not, why?"
"I saw you online!"
"What? How is possible? Hey admin can you explain it?!"

Problem is, when admin will use this feature, everything is logged. It's dangerous for credibility. Generally feature is not bad, Admin can see or fix possible problems from member's view, but some things shouldn't be revealed.

FreeSpace - FreeSpace Forum - Twitter - Facebook - WebMiesto
 
Axel Wers, on 28 Nov 2012 - 7:22 PM, said:
iArcade should be regular app in IP.Suite. Currently IPB looks much more social network than common forum. And games are very popular in social networks.


#10 Rimi

Rimi

    Strip Me

  • +Clients
  • 6,121 posts

Posted 21 April 2012 - 09:48 AM

"Hey were you on board yesterday evening?"
"Not, why?"
"I saw you online!"
"What? How is possible? Hey admin can you explain it?!"

"Looks like a bug."

:P

Anyway I don't know what you're more worried about. Member's privacy or being caught.
  • Aiwa likes this

#11 Aiwa

Aiwa

    I code for fun

  • +Clients
  • 8,469 posts

Posted 21 April 2012 - 09:50 AM

I haven't used this feature yet, but does it allow you to log in annomously as that user? Then they won't show in the online list.

Or there is a hook that allows you to toggle visibility. As soon as you log in as them, go invisible.

My Files and Support: aiwa.me

Have a gaming community?           Need Nexus Add-ons?                    Security

-Steam Profile Integration         -Automatic Ticket Creator              -Force password Reset

-Battlefield 4 Profile Integration -No Renewals (Sell trial memberships!) 

                                   -Support Request Menu

 
 
 


#12 Con

Con

    XR3X

  • Members
  • PipPipPipPipPipPip
  • 1,590 posts

Posted 21 April 2012 - 10:03 AM

Logging in as a member via the ACP should have virtually no differences from logging in as that member normally. In the case of verifying that permissions are correctly set, etc., any discrepancies can be nightmarish.
sig.png

#13 Charles

Charles

    Needs Life

  • IPS Management
  • 9,043 posts

Posted 21 April 2012 - 10:37 AM

Keep in mind an admin can change a user's password to gain access or just simply directly-query the database. Granted this feature may make it a bit easier for an admin to access a user's information on their community but they have always been able to.
  • Michael, AndyF, Aiwa and 3 others like this

Charles Warner
Invision Power Services, Inc. - President
charles.warner@invisionpower.com

 

Please do not PM me but feel free to contact me by email.


#14 Rimi

Rimi

    Strip Me

  • +Clients
  • 6,121 posts

Posted 21 April 2012 - 10:47 AM

Incidentally is it possible to use ACP restrcitions to only remove access to that one button?

#15 Axel Wers

Axel Wers

    Senatus Populusque Romanus

  • +Clients
  • 3,743 posts

Posted 21 April 2012 - 11:14 AM

Anyway I don't know what you're more worried about. Member's privacy or being caught.

Do you have problems with understanding? This feature should help only for problems with accounts, not to gain whole access for administrator.

FreeSpace - FreeSpace Forum - Twitter - Facebook - WebMiesto
 
Axel Wers, on 28 Nov 2012 - 7:22 PM, said:
iArcade should be regular app in IP.Suite. Currently IPB looks much more social network than common forum. And games are very popular in social networks.


#16 Rimi

Rimi

    Strip Me

  • +Clients
  • 6,121 posts

Posted 21 April 2012 - 11:25 AM

Do you have problems with understanding? This feature should help only for problems with accounts, not to gain whole access for administrator.

Well, actually, your English isn't very fluent so I suppose I do have a problem understanding. Please forgive me.

I don't think you understand the complexities of what you're suggesting. There are just so many extra places IPS would have to add checks to to see if the session was logged in via admin which would just lead to a lot more bugs. It's such an impractical suggestion. Besides what if the account problem is with PMs specifically? There's a thread in the technical support board right now where someone has users who are claiming that they can't reply to PMs. How would we look into this issue if we had your restrictions in place? We couldn't. Again your suggestion is impractical.
  • Aiwa likes this

#17 Mark

Mark

    I dropped the "iggy"

  • IPS Staff
  • 8,387 posts

Posted 21 April 2012 - 03:46 PM

Incidentally is it possible to use ACP restrcitions to only remove access to that one button?


Yes.

Mark Wade
Developer

zce-php5-3-logo.gif php5-zce-logo-new.gif


#18 Axel Wers

Axel Wers

    Senatus Populusque Romanus

  • +Clients
  • 3,743 posts

Posted 23 April 2012 - 02:38 AM

There's a thread in the technical support board right now where someone has users who are claiming that they can't reply to PMs. How would we look into this issue if we had your restrictions in place? We couldn't.

I use IPB more than 8 years and nobody had problems with PMs. So in this case it should be issue on member's side. In 99% cases it makes problem with cookies, if not check personal settings for that members (any restrictions?) or group settings. Still nothing? Maybe browser issue? Try another. Easy from admin view. If you cannot fix it, you aren't probably good admin. By the way, you have had something with my english. Well english is not my mother language but I think it's still understable. You seems to be wise so I sent you PM in my language, you should understand (because you seems to be VERY wise) and we can carry on in my language in PMs because this topic already goes in other way.

FreeSpace - FreeSpace Forum - Twitter - Facebook - WebMiesto
 
Axel Wers, on 28 Nov 2012 - 7:22 PM, said:
iArcade should be regular app in IP.Suite. Currently IPB looks much more social network than common forum. And games are very popular in social networks.


#19 Rimi

Rimi

    Strip Me

  • +Clients
  • 6,121 posts

Posted 23 April 2012 - 08:23 AM

Nevermind.

Edited by Rimi, 23 April 2012 - 08:43 AM.


#20 Pereira

Pereira

    Advanced Member

  • Members
  • PipPipPipPip
  • 429 posts

Posted 23 April 2012 - 11:41 AM

So basically you can quickly and easily log into any members account at your own discretion? Does this mean you can just log into their account and post as them too?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users