Author Topic: Security Issue: Visibility of E-mail Addresses  (Read 2168 times)

Offline Valkyrian Legion

  • Member
  • Posts: 76
  • Reputation: +0/-0
Security Issue: Visibility of E-mail Addresses
« on: January 15, 2010, 02:44:09 pm »
As a security measure on my forum, I've long ensured that every new registrant's E-mail was set to 'hidden' to prevent harassment, stalking and espionage. However, I recently discovered that even if someone's E-mail is hidden on their profile, it can still be viewed by regular users viewing the membership list!

This highlights the usefulness of administrators having a secondary, regular, account with which to log in and explore the forum from a non-administrator perspective.

To deal with the security breach, I made the entire memberlist unviewable to regular members.
Half the world has been built upon their tears


Offline ccbtimewiz

  • Dreamer
  • Member
  • Posts: 57
  • Reputation: +1/-5
Re: Security Issue: Visibility of E-mail Addresses
« Reply #1 on: January 15, 2010, 02:55:28 pm »
Regular members cannot view email addresses -- only an administrator can. This includes the memberlist, as it calls the same query as other sections.

Offline Valkyrian Legion

  • Member
  • Posts: 76
  • Reputation: +0/-0
Re: Security Issue: Visibility of E-mail Addresses
« Reply #2 on: January 16, 2010, 11:41:37 am »
> Regular members cannot view email addresses -- only an administrator can. This includes the memberlist, as it calls the same query as other sections.

That's what I thought for a while, until I logged in with my non-administrator account and saw that a regular member account can view the E-mails in the memberlist. Like I said, having a regular account is a must for administrators, just so they can ensure that the forum appears as it should for regular members.
Half the world has been built upon their tears

Offline Alex

  • Administrator
  • Member
  • Posts: 1913
  • Reputation: +7/-1
Re: Security Issue: Visibility of E-mail Addresses
« Reply #3 on: January 17, 2010, 06:42:13 am »
Make sure the users have unticked the share email box.

Offline Valkyrian Legion

  • Member
  • Posts: 76
  • Reputation: +0/-0
Re: Security Issue: Visibility of E-mail Addresses
« Reply #4 on: January 17, 2010, 02:00:51 pm »
> Make sure the users have unticked the share email box.

I've been manually checking the box for "Hide email address from public?" on every new registrant's profile from day one. Only recently did I find that this did not conceal it on the memberlist. Is this the 'share email box' you refer to, or is there another one besides the box on the user profiles?

It seems to me this is a shortcoming in the programming, so I'll be posting about it on simplemachines.org. However, people here should be aware of the issue, so that if they do value the privacy of their members, they can render the memberlist unviewable until the matter is resolved.
Half the world has been built upon their tears

Offline Alex

  • Administrator
  • Member
  • Posts: 1913
  • Reputation: +7/-1
Re: Security Issue: Visibility of E-mail Addresses
« Reply #5 on: January 17, 2010, 02:06:56 pm »
We will look into this, but SMFNew has not altered any of the email settings; it may be a bug with SMF.
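
Added example, not part of the thread and not SMF code: a check an administrator could run over the member list HTML saved from a regular account's session, reporting members flagged as hidden whose address still appears in the page. The markup, member names, addresses and the `leaked_hidden_emails` helper are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample: the member list as returned to a regular (non-admin)
# session. The markup is illustrative, not SMF's real template output.
MEMBERLIST_HTML = """
<table>
<tr><td>alice</td><td><a href="mailto:alice@example.org">email</a></td></tr>
<tr><td>bob</td><td></td></tr>
<tr><td>carol</td><td>carol@example.org</td></tr>
<tr><td>dave</td><td><a href="mailto:&#100;ave&#64;example.org">email</a></td></tr>
</table>
"""

# Constructed ground truth from the admin side: name -> (address, hide flag).
MEMBERS = {
    "alice": ("alice@example.org", True),
    "bob": ("bob@example.org", True),
    "carol": ("carol@example.org", False),
    "dave": ("dave@example.org", True),
}

class AddressCollector(HTMLParser):
    """Collect every address exposed in attribute values or visible text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.found = set()
    def _scan(self, value):
        # Attribute values and text arrive entity-decoded; undo %-encoding too.
        self.found.update(m.lower() for m in EMAIL_RE.findall(unquote(value)))
    def handle_starttag(self, tag, attrs):
        for _, value in attrs:
            if value:
                self._scan(value)
    def handle_data(self, data):
        self._scan(data)

def leaked_hidden_emails(page_html, members):
    """Names of members flagged hidden whose address still appears in the page."""
    collector = AddressCollector()
    collector.feed(page_html)
    collector.close()
    return sorted(name for name, (addr, hidden) in members.items()
                  if hidden and addr.lower() in collector.found)
```

On the constructed page this reports alice and dave: both are flagged hidden, yet their addresses are present in a `mailto:` link, one of them entity-encoded.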
