hi, im new here but have my forum on icy pheonix.

i have come across a serious (imo) security issue while using the user options in ACP

basically it allows admin to view members PRIVATE MESSAGES.
this is something i dont want as private messages should be just that  PRIVATE.


is there a simple way of deleting this option from ACP?

when i enter ACP and click USERS  7 from top is PRIVATE MESSAGES it is this i want removing from my site.


any help/pointer glady recieved.

many thanks in advance    

You can simply delete or rename with a non .php extension the file your_root/adm/admin_priv_msgs.php



Edit: I don't think is a security issue. Can turn out to be useful in some cases of harrassments via PM, then you can check and prove it.

It should just be kind from the administrator to warn the users that pms can be read from admins

Vortex wrote: [View Post]

You can simply delete or rename with a non .php extension the file your_root/adm/admin_priv_msgs.php

have you simpleton instructions on how to do this?

im no technical genius    

playmisty wrote: [View Post]

Vortex wrote: [View Post]

You can simply delete or rename with a non .php extension the file your_root/adm/admin_priv_msgs.php

have you simpleton instructions on how to do this?

im no technical genius    

If you installed Icy, I suppose you can use the FTP client


Just connect and go to root(folder where you have Icy)/adm/ and delete the file admin_priv_msgs.php


(Personally I just rename it to admin_priv_msgs_php so that it no longer appears it ACP )

though it is still easy to read private messages as everything is stored in the database... so for security it is not really an issue...

____________
Mods and themes for Icy Phoenix 1.3

IcyPhoenix UK is off-line permanently due to lack of time to update mods.
if anyone is interested in my templates I will upgrade them to Icy 2.0.

I've do this :
OPEN
FIND
AFTER, ADD
FIND
BEFORE, ADD