hi, im new here but have my forum on icy pheonix.
i have come across a serious (imo) security issue while using the user options in ACP
basically it allows admin to view members PRIVATE MESSAGES.
this is something i dont want as private messages should be just that PRIVATE.
is there a simple way of deleting this option from ACP?
when i enter ACP and click USERS 7 from top is PRIVATE MESSAGES it is this i want removing from my site.
any help/pointer glady recieved.
many thanks in advance :oops: :wink:
Private Messages
Subject: Re: Private Messages
Last edited by Vortex on Sun 14 Dec, 2008 18:49; edited 1 time in total
You can simply delete or rename with a non .php extension the file your_root/adm/admin_priv_msgs.php ;)
Edit: I don't think is a security issue. Can turn out to be useful in some cases of harrassments via PM, then you can check and prove it.
It should just be kind from the administrator to warn the users that pms can be read from admins ;)
Edit: I don't think is a security issue. Can turn out to be useful in some cases of harrassments via PM, then you can check and prove it.
It should just be kind from the administrator to warn the users that pms can be read from admins ;)
Last edited by Vortex on Sun 14 Dec, 2008 18:49; edited 1 time in total
Subject: Re: Private Messages
have you simpleton instructions on how to do this?
im no technical genius :oops: :oops:
Vortex wrote: [View Post]
have you simpleton instructions on how to do this?
im no technical genius :oops: :oops:
Subject: Re: Private Messages
If you installed Icy, I suppose you can use the FTP client ;)
Just connect and go to root(folder where you have Icy)/adm/ and delete the file admin_priv_msgs.php
(Personally I just rename it to admin_priv_msgs_php so that it no longer appears it ACP ;) )
playmisty wrote: [View Post]
If you installed Icy, I suppose you can use the FTP client ;)
Just connect and go to root(folder where you have Icy)/adm/ and delete the file admin_priv_msgs.php
(Personally I just rename it to admin_priv_msgs_php so that it no longer appears it ACP ;) )
Subject: Re: Private Messages
though it is still easy to read private messages as everything is stored in the database... so for security it is not really an issue...
Page 1 of 1
You cannot post new topicsYou cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls
You cannot attach files
You can download files
You cannot post calendar events
This is a "Lo-Fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Powered by Icy Phoenix based on phpBB
Generation Time: 0.0866s (PHP: 20% SQL: 80%)
SQL queries: 11 - Debug Off - GZIP Enabled