 Profiles and message titles visible to lurkers [message #16529] |
Wed, 04 February 2004 04:49  |
Delta
Messages: 8
Registered: January 2004
Karma: 0
|
Junior Member |
|
|
I am assuming this is a bug: With just about every info function turned off on the front page, unregistered users can:
- View the profile of anyone who is noted on the public forums listing of the front page, including moderators and last poster in a forum,
AND
- View the message titles of all the posts of those people, even posts in the "private" forums. The messages themselves are still blocked, but still, lurkers are able to see titles, which is more than would be expected.
This happens with the following settings:
Members list is enabled only for registered users.
Search is enabled only for registered users.
Who's online, etc. are disabled.
Group settings completely disable unregistered users on all functions of the private forums.
Again, I'm assuming this is a bug and not an error in settings. I believe I locked everything up pretty tight. Our members would like to assume that only other members can see their profiles. This seems like a glaring loophole.
I checked the recent updates and did not see these things mentioned, but perhaps I did not understand some jargon. (?)
Thanks!
|
|
|
|
|
|
| Re: Profiles and message titles visible to lurkers [message #16538 is a reply to message #16537] |
Wed, 04 February 2004 15:20  |
Delta
Messages: 8
Registered: January 2004
Karma: 0
|
Junior Member |
|
|
Anonymous users are set to "N" for everything on the private forums. But even so, profiles for any users linked on the front page are visible to all, including anonymous users.
From the profile, anonymous users can view the headings of all of that user's posts, including posts on the private forums.
Any username linked on the front page is vulnerable to this kind of peeping by any anonymous user.
Thanks for the suggestion, though. I'm still stumped.
[Updated on: Wed, 04 February 2004 16:29] Report message to a moderator |
|
|
|
|
|
|
|
|
|
| Re: Profiles and message titles visible to lurkers [message #16601 is a reply to message #16559] |
Mon, 09 February 2004 19:33 |
Ilia
Messages: 13241
Registered: January 2002
Karma: 0
|
Senior Member
Administrator
Core Developer |
|
|
The user profile displaying is always avaliable. But, the anon user would need to know the id of the user in order to see it.
On the profile page itself if the last message posted by the user was in the private forum it will not be displayed.
For private forums if you take away ALL permissions (including view) from anon users they won't be able to see that that forum completely.
FUDforum Core Developer
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]