#1 2010-02-23 15:50:21

grey.lv
Member
Registered: 2010-02-23
Posts: 7

Disallow Moderators access to admin_users.php

Hello,

First of all, I would like to thank you all for the hard work and effort in developing FluxBB.

I would like to suggest some way to control moderator access to the "Users" page in the Administration area. The problem is that every person in the moderator group may easily list and collect email addresses from all users. In my opinion, only administrators may run such queries.

Imagine you are running a rather large forum, say a couple thousand users. To control all the topics, you will need a team of moderators. You may not know all of them in person, you don't know whether you can trust them. Any moderator may collect all the e-mail addresses and use them for spam/commercial or other purposes.

I think there should be a specific option added in Administration/"User groups" to control whether Moderators may access the Administration/Users page.

If you don't want to alter the database, you may just use the option "Allow moderators to edit user profiles" to control whether moderators may search the user list from Administration/Users. If a moderator has no rights to edit user profiles, he should not be able to see the "Email" column in Administration/Users search results.

Regards,
Grey

Last edited by grey.lv (2010-02-23 16:51:07)

Offline

#2 2010-02-23 15:55:05

qie
Member
Registered: 2008-06-02
Posts: 376

Re: Disallow Moderators access to admin_users.php

Hey, I just wanna say "cool" ~ splendid topic!

Additional: Moderators shouldn't have permission to "view user's IP",

but here it is, we can do nothing, just wait for the developer to solve the problem.

Last edited by qie (2010-02-25 08:31:36)


now show:光宇游戏

Offline

#3 2010-02-23 16:05:05

grey.lv
Member
Registered: 2010-02-23
Posts: 7

Re: Disallow Moderators access to admin_users.php

I think an e-mail address is a rather different thing from a user's IP.

To be clear - I am not saying that a moderator may not *see* a user's e-mail address (actually you can control that by "Allow moderators to edit user profiles"). I am against a moderator being able to query a list of (all) e-mail addresses.

Last edited by grey.lv (2010-02-23 16:05:43)

Offline

#4 2010-02-23 16:08:17

qie
Member
Registered: 2008-06-02
Posts: 376

Re: Disallow Moderators access to admin_users.php

edit: I looked into it. If you set the mod's permission of "view user's information" to "no", he cannot view user's information or search the userlist, so your problem does not exist.

My problem is there: I don't think a Moderator can view a user's post IP address. This will protect the Admin's and members' privacy from being known by someone who does not need to.


now show:光宇游戏

Offline

#5 2010-02-23 16:17:29

qie
Member
Registered: 2008-06-02
Posts: 376

Re: Disallow Moderators access to admin_users.php

IP is a very important identity. I don't know other countries' citizens' lives, but if you are living in a non-democratic country which controls speech intensely you will know that.

E.g. if a webmaster holds a forum that the government doesn't like, the officer would send a spy to his site, and maybe who became a moderator? So there the gov got the proof of who is running this website, with the post time and IP.... And I don't think the Moderator group should/needs to know the member's or Admin's IP address. IP address and user's Email are the top secret, I thought.

Last edited by qie (2010-02-23 16:18:53)


now show:光宇游戏

Offline

#6 2010-02-23 16:28:01

grey.lv
Member
Registered: 2010-02-23
Posts: 7

Re: Disallow Moderators access to admin_users.php

qie wrote:

edit: I looked into it. If you set the mod's permission of "view user's information" to "no", he cannot view user's information or search the userlist, so your problem does not exist.

That is not true.

Even if "view user's information" = "no" and "Allow moderators to edit user profiles" = "no" are set for the Moderators group, a moderator still has access to "Administration/Users" (admin_users.php) and can list email addresses of all the users.

I am not saying that IPs are not important. I am saying that it is a rather different (security) problem and should be discussed in another topic.

Last edited by grey.lv (2010-02-23 16:28:54)

Offline

#7 2010-02-23 16:42:07

qie
Member
Registered: 2008-06-02
Posts: 376

Re: Disallow Moderators access to admin_users.php

I have checked again, you are right. A Moderator can get users' email by searching a specific term like "post time after", then list all.. 0_0

The Moderators shouldn't be using the whole "admin_xxx.php" pages.

I think it's a security bug and not a feature, since we are sure the Moderators are other people and not the Administrator. Moderators may be helpful but may be dangerous, so we should control the permissions of the group tightly. But now the developer /Reines/ has not been online for 2 days; once he comes back there will be a quick solution, I think.

Thank you for sharing your points, which the community needs, and making the project active ^-^

Last edited by qie (2010-02-23 16:51:50)


now show:光宇游戏

Offline

#8 2010-02-25 07:35:14

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 3,755
Website

Re: Disallow Moderators access to admin_users.php

This is not a security bug. I can't be 100% sure, but I guess this was discussed and then decided by the original developers (maybe Smartys could chime in here?). I agree that it could be done differently, but I don't see a quick solution that wouldn't require rewriting at least half of the permission system.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#9 2010-02-25 07:57:27

qie
Member
Registered: 2008-06-02
Posts: 376

Re: Disallow Moderators access to admin_users.php

It's bad news to me. That means I will not have any moderators in the new system, which I was doing on flux/pun bb 1.2.
For security reasons I can't give anyone moderator permission, which means the only moderator is me, the administrator.

I suggest we should re-consider the code and permission system, even if that will delay the 1.4 release by months or a year. The issue is a high risk for me. I don't know what others think about it, but just look at what this man grey.lv said:

Imagine you are running a rather large forum, say a couple thousand users. To control all the topics, you will need a team of moderators. You may not know all of them in person, you don't know whether you can trust them. Any moderator may collect all the e-mail addresses and use them for spam/commercial or other purposes.

With this system, there is just a minor difference in permissions between the admin group and the moderator group (as admin can just do general things like "setting forum, options adjust").

I just don't know why it is not a security bug, since a moderator you set up with "no view of user's information" can then view users' IP and Email? What more important thing is left out of there except those both?

I just remember that Smartys once upgraded fluxbb from 1.2.21 to 1.2.22. This upgrade solved a security problem where an unauthorized member could read the forum by extern.php? (or rss?) That problem got a version upgrade, so then why is this moderator permission problem not even a bug?

What I thought of fluxbb 1.4 is that the whole thing has one goal: complete the 1.2. I always knew fluxbb 1.2 is far from perfect, there are lots of problems that can't be solved, so fluxbb/punbb 1.2 is just an incomplete project which should be done in future. So why do we make fluxbb 1.4 another incomplete one now?

Last edited by qie (2010-02-25 08:18:32)


now show:光宇游戏

Offline

#10 2010-02-25 08:17:40

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 3,755
Website

Re: Disallow Moderators access to admin_users.php

qie wrote:

What I thought of fluxbb 1.4 is that the whole thing has one goal: complete the 1.2. I always knew fluxbb 1.2 is far from perfect, there are lots of problems that can't be solved, so fluxbb/punbb 1.2 is just an incomplete project which should be done in future. So why do we make fluxbb 1.4 another incomplete one now?

I beg your pardon!?? Why in the world would you call 1.2 incomplete?

Anyways, think about this: you shouldn't make anybody admin or moderator of your site if you don't trust them.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#11 2010-02-25 08:22:48

qie
Member
Registered: 2008-06-02
Posts: 376

Re: Disallow Moderators access to admin_users.php

1. That is why I said that lots of the problems talked about here for support really did occur on the old 1.2 version. But maybe because the support of 1.2 is losing activity, one would choose not to bring this problem out for help.

2. For one person to trust another, it needs more than just online communication. There are lots of spies out there, from government, from website competitors, from everywhere. Cyberspace is a dangerous place when you are running a commercial site.


now show:光宇游戏

Offline

#12 2010-02-25 08:34:51

grey.lv
Member
Registered: 2010-02-23
Posts: 7

Re: Disallow Moderators access to admin_users.php

lie2815 wrote:

Anyways, think about this: you shouldn't make anybody admin or moderator of your site if you don't trust them.

I agree. However, there are always unpredictable situations and, as I was saying, large forums require a large team of moderators.

I would rather disagree that fixing this requires architecture changes. For me - it would be fully enough if the Email column in Administration/Users search results wasn't visible to Moderators, but only to Administrators. The functionality/architecture remains the same, only moderators cannot list email addresses.

Hey, but I am not pressing anyone. It took me 5 minutes to fix this in my forum by completely disallowing moderator access to admin_users.php and removing it from the admin menu. Just wanted to note it here, so other administrators would know how easy it is for a moderator to get a complete list of all e-mail addresses.

Last edited by grey.lv (2010-02-25 10:01:39)

Offline
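The two mitigations discussed in this thread (denying moderators the user search page outright, or keeping the page but leaving the Email column out for non-administrators), sketched as an added PHP example. It is not FluxBB code and not grey.lv's actual change; the group constants, array keys and function names are hypothetical.

```php
<?php
// Added illustration, not FluxBB source. Group ids, array keys and function
// names are hypothetical stand-ins for the forum's own permission data.
const GROUP_ADMIN = 1;
const GROUP_MOD   = 2;

// Allow-list of user-search columns and who may see each one.
const COLUMN_POLICY = [
    'username' => 'admmod',
    'title'    => 'admmod',
    'posts'    => 'admmod',
    'email'    => 'admin',   // bulk e-mail listing is administrator-only
];

// Option 1: deny the whole page unless a per-site switch lets moderators in.
function can_open_user_search(array $user, bool $mods_allowed): bool
{
    if ($user['group_id'] === GROUP_ADMIN) {
        return true;
    }
    return $mods_allowed && $user['group_id'] === GROUP_MOD;
}

// Option 2: keep the page, but decide server-side which columns exist at all.
function visible_columns(array $user): array
{
    $is_admin = $user['group_id'] === GROUP_ADMIN;
    return array_keys(array_filter(
        COLUMN_POLICY,
        fn($need) => $need === 'admmod' || $is_admin
    ));
}

// Search criteria on a column the viewer cannot see are dropped as well;
// otherwise the set of matching rows still discloses the hidden values.
function sanitize_filters(array $user, array $filters): array
{
    return array_intersect_key($filters, array_flip(visible_columns($user)));
}

// Rows are cut down before rendering, so the field never reaches the browser.
function render_rows(array $user, array $rows): array
{
    $cols = array_flip(visible_columns($user));
    return array_map(fn($row) => array_intersect_key($row, $cols), $rows);
}

// Constructed sample data.
$rows = [['username' => 'alice', 'title' => 'Member', 'posts' => 12, 'email' => 'alice@example.org']];
$mod  = ['group_id' => GROUP_MOD];
var_dump(can_open_user_search($mod, false));
print_r(sanitize_filters($mod, ['email' => '*@example.org', 'posts' => 10]));
print_r(render_rows($mod, $rows));
```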

#13 2010-02-25 08:44:31

qie
Member
Registered: 2008-06-02
Posts: 376

Re: Disallow Moderators access to admin_users.php

It took me 5 minutes to fix this in my forum by completely disallowing moderator access to admin_users.php and removing it from admin menu

That means you just edit "admin_users.php", check the group_id, and if it is a "Moderator" group, then deny access? Then when the Moderator clicks "admin_users.php" it gives a "you don't have permission to view this page", huh?

Last edited by qie (2010-02-25 08:58:26)


now show:光宇游戏

Offline

#14 2010-02-25 08:52:55

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 3,755
Website

Re: Disallow Moderators access to admin_users.php

grey.lv wrote:

I would rather disagree that fixing this requires architecture changes. For me - it would be fully enough if the Email column in Administration/Users search results wasn't visible to Moderators, but only to Administrators. The functionality/architecture remains the same, only moderators cannot list email addresses.

Hmm... this might be a good solution, actually. Let's see what others say...

grey.lv wrote:

Just wanted to note it here, so other people would know how easy it is for a moderator to get a complete list of all e-mail addresses.

Good for them to know ;) Just joking :P

qie wrote:

For one person to trust another, it needs more than just online communication. There are lots of spies out there, from government, from website competitors, from everywhere. Cyberspace is a dangerous place when you are running a commercial site.

If you have fears like those, you should be worried about other things, I guess... Moderators could already do enough harm by just deleting tons of posts :(

Last edited by Franz (2010-02-25 08:53:03)


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#15 2010-02-25 09:02:26

qie
Member
Registered: 2008-06-02
Posts: 376

Re: Disallow Moderators access to admin_users.php

If you have fears like those, you should be worried about other things, I guess... Moderators could already do enough harm by just deleting tons of posts :(

Hmm, I don't agree with you. :( I think posts are not more important than privacy. There are lots of posts, yeah. A moderator comes up, checks it, deletes it, closes it, bans someone; that is normal, just like nothing happened. But if he silently got your private information like your IP and mailbox, he will know you and your location easily (if he has other power in this society).


now show:光宇游戏

Offline

#16 2010-02-25 09:38:33

FSX
Developer
From: NL
Registered: 2008-05-09
Posts: 803
Website

Re: Disallow Moderators access to admin_users.php

I don't think an IP address is private information. It is registered on all websites (if they keep an access log). And there are lots of other methods to get your IP address.

Moderators also see the user's IP address.

Offline

#17 2010-02-25 10:03:14

grey.lv
Member
Registered: 2010-02-23
Posts: 7

Re: Disallow Moderators access to admin_users.php

lie2815 wrote:

Good for them to know ;) Just joking :P

Sorry, feel free to delete this part from my posts.

Offline

#18 2010-02-25 10:05:03

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 3,755
Website

Re: Disallow Moderators access to admin_users.php

Nah, it won't matter. It's not like everybody with mal-intent can become moderator instantly. That's why I said I was joking :)


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#19 2010-02-25 10:58:22

MattF
Member
From: South Yorkshire, England
Registered: 2008-05-06
Posts: 1,230
Website

Re: Disallow Moderators access to admin_users.php

qie wrote:

2. For one person to trust another, it needs more than just online communication. There are lots of spies out there, from government, from website competitors, from everywhere. Cyberspace is a dangerous place when you are running a commercial site.

qie wrote:

Hmm, I don't agree with you. :( I think posts are not more important than privacy. There are lots of posts, yeah. A moderator comes up, checks it, deletes it, closes it, bans someone; that is normal, just like nothing happened. But if he silently got your private information like your IP and mailbox, he will know you and your location easily (if he has other power in this society).

If you're that paranoid, or living in a society which is so nefarious, I'd personally say you ought to be considering designing your own system to your own exact specification. It would be bugger all use if you're living in such a society, as there will be far more means than a UI for the 'state officials' to access any and all information unless your server is hosted by yourself, on your own hardware locally etc. Even then you would not be completely secure. There is one way to keep any and all information secure. Never connect any of your systems to a public network and never allow any users to connect to a system.

Btw, if you make someone whom you don't trust a moderator, then you have no one to blame but yourself if something goes wrong.

If the display of private information is ignoring some existing security setting then it's a bug. If it's just not living up to someone's specific level of paranoia in general, that isn't a bug.


Screw the chavs and God save the Queen!

Offline

#20 2010-02-25 11:20:47

qie
Member
Registered: 2008-06-02
Posts: 376

Re: Disallow Moderators access to admin_users.php

MattF wrote:

Btw, if you make someone whom you don't trust a moderator, then you have no one to blame but yourself if something goes wrong.

If the display of private information is ignoring some existing security setting then it's a bug. If it's just not living up to someone's specific level of paranoia in general, that isn't a bug.

Why did you say that? You can't believe another person totally even in the real world, even if he/she is your best friend!

Why would you let him/her handle your forum and then totally get all your members' profiles, including yours?

Why did you say it's a specific level of paranoia? It really makes me so, so confused.

Again, the topic is not a joke, not a little. It does make sense and it is a serious bug.

Last edited by qie (2010-02-25 11:22:47)


now show:光宇游戏

Offline

#21 2010-02-25 22:13:20

grey.lv
Member
Registered: 2010-02-23
Posts: 7

Re: Disallow Moderators access to admin_users.php

This is not a bug, because everything works as designed.

I opened this topic, because there is an easy way to collect all email addresses and there is no option/switch to disallow it for moderators.

Offline

#22 2010-04-17 09:45:08

Lanark
Member
Registered: 2008-10-27
Posts: 36
Website

Re: Disallow Moderators access to admin_users.php

If someone wants to collect IP addresses all they have to do is host an image somewhere, post it to a thread and then look at the webserver logs for the image.

For email addresses the suggestion from grey.lv sounds like a good compromise.

Offline
