#6330 closed idea (no action required)
Private messages - User Switching plugin
Reported by: | Stagger Lee | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Core | Keywords: | |
Cc: | pericam@… |
Description
First will say I know that is possible to read private messages from other Users if you have root access to database. Export as any of the extensions and read. But it is difficult, chaotic, and not easy to find/read private messages from table.
So in some way this is standard for almost all forum scripts and it is as it is, and thanks God not easy to do it.
My question is about User Switching plugin. With few clicks you are inside any User profile and you can read private messages as they read them.
Probably it is not easy to limit browser access to private messages of other Users and neuutralize plugins like User Switching.
But, just to ask anyway. Would it be tehnically to demanding to limit effects of such User switching plugins ?
Change History (4)
#2
@
10 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
BuddyPress is tied to WordPress and their user system, so any plugin such as User Switching makes it possible for admins to view anyone's logged-in content.
User Switching only allows admins, by default, to login as another user anyway. If you are afraid of plugins like User Switching, do not install them on your site.
#3
@
10 years ago
- Cc pericam@… added
@r-a-y, thanks.
I personally never have problem with it, never directly.
Meant more to reduce fear factor among BuddyPress/bbPress population :)
Please delete this trac, better not to mention this at all. What they dont know, they cannot fear of.
https://wordpress.org/plugins/user-switching/
I wrote this trac because panic and paranoia forum users have usually if they hear someone can so easy read theirs private messages.