Jump to content

Preventing Admin from Accessing Messages and Email Addresses


Chris Anderson

Recommended Posts

Posted

I will be launching a website utilizing IPB Software that may have many high profile business people become members.  I would like to create an environment where they would feel comfortable using the message system to communicate with each other knowing I don't have the ready means to read their messages and have access to their email addresses. 

As the software stands now, I am able to login as one of these individuals and read their email or I could create a copy of the MYSQL database and programmatically read emails as the database fields related to messages utilize a password I know.  Is there a way to have a separate password just for the message database fields.  This password would be inputted by a trusted third party. and stored on the server in a way that I couldn't use it on a copied database unless I had the third party provide the 2nd password.  Once the plugin was installed it would ask for the 2nd account name and password and then run code to change over to the new account.  The plugin would then require two passwords in order to be removed.  I would also need the plugin to remove "login as another member" functionality and my ability to view the email address of any member.  The plugin would have to remain in order for messaging to work and the code be sufficiently obfuscated to prevent someone readily designing a workaround or figuring out the 2nd password.

To simplify things the plugin would be installed on a fresh install so you wouldn't have to deal with existing users and data other than what is created for the default admin account.

If this sounds like something you could do please let me know what you would charge and an estimated time-frame to complete the project. 

 

Posted
45 minutes ago, Christopher Anderson said:

I will be launching a website utilizing IPB Software that may have many high profile business people become members.  I would like to create an environment where they would feel comfortable using the message system to communicate with each other knowing I don't have the ready means to read their messages and have access to their email addresses. 

As the software stands now, I am able to login as one of these individuals and read their email or I could create a copy of the MYSQL database and programmatically read emails as the database fields related to messages utilize a password I know.  Is there a way to have a separate password just for the message database fields.  This password would be inputted by a trusted third party. and stored on the server in a way that I couldn't use it on a copied database unless I had the third party provide the 2nd password.  Once the plugin was installed it would ask for the 2nd account name and password and then run code to change over to the new account.  The plugin would then require two passwords in order to be removed.  I would also need the plugin to remove "login as another member" functionality and my ability to view the email address of any member.  The plugin would have to remain in order for messaging to work and the code be sufficiently obfuscated to prevent someone readily designing a workaround or figuring out the 2nd password.

To simplify things the plugin would be installed on a fresh install so you wouldn't have to deal with existing users and data other than what is created for the default admin account.

If this sounds like something you could do please let me know what you would charge and an estimated time-frame to complete the project. 

 

i know looking for plugin or app but why not allow users to use Two Factor Authentication this would stop admin trying login (no idea why would) and the database can't be copied in 4.3.x as that option removed from admin cp unlike 3.4.x.

Posted

image.thumb.png.04cbcb3d0fafd49030ae99876a18a0b7.png

As shown in the screenshots I can easily see the email address of a person and login and read their mail with a few simple clicks.  The marketplace has several apps that allow an admin to readily read messages or programmatically screen mailboxes for certain content. I wouldn't do anything with the email addresses or try to read messages but that is hard to prove hence my interest in coming up with a solution that that would prevent it programmatically.

Posted
9 hours ago, Christopher Anderson said:

image.thumb.png.04cbcb3d0fafd49030ae99876a18a0b7.png

As shown in the screenshots I can easily see the email address of a person and login and read their mail with a few simple clicks.  The marketplace has several apps that allow an admin to readily read messages or programmatically screen mailboxes for certain content. I wouldn't do anything with the email addresses or try to read messages but that is hard to prove hence my interest in coming up with a solution that that would prevent it programmatically.

That why said look at two factor authentication this should reduce need any plugin could be disabled again via admin cp but if don't work I look see how that option could be hidden 

Posted

You can limit the admin abilities on the dashboard for a particular administrator.

Members - Staff - Administrators 

Select the administrator account - Edit

Then go to members -  and uncheck this option: "Can sign in as members "  

So the administrator won't be able to login as members. You can also check and uncheck a bunch of other features to limit the admin capabilities 

Posted
54 minutes ago, gabs007 said:

You can limit the admin abilities on the dashboard for a particular administrator.

Members - Staff - Administrators 

Select the administrator account - Edit

Then go to members -  and uncheck this option: "Can sign in as members "  

So the administrator won't be able to login as members. You can also check and uncheck a bunch of other features to limit the admin capabilities 

I appreciate your suggestion but remember "I" can't be trusted.  I might reverse the setting.  There is the possibility that no one will put up a fuss about this but if they should I would like to be able to have a ready solution that I could implement. 

Posted
4 hours ago, Christopher Anderson said:

I appreciate your suggestion but remember "I" can't be trusted.  I might reverse the setting.  There is the possibility that no one will put up a fuss about this but if they should I would like to be able to have a ready solution that I could implement. 

Your idea will not solve the issue let take the above example its allowing the owner setup the correct settings that could be turn off/on no via the default settings made by IPS the tools that come as default vs a having plugin installed or application that could be removed or disabled by admin it the same problem as the first example. So to solve your problem if don't trust your admin that may read or may not read PM then have limited usergroup setup will resolve your problem, you might see that as best way but hook will not stop the problem.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...