Announcement

Collapse
No announcement yet.

guest viewing specific thread in a private forum

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • guest viewing specific thread in a private forum

    i know if a guest trys to access the lets say "admin and mods" private forum it will come up in online users that the guest is viewing admin and mods even though they really are not as they have no access, but what would it mean if it showed them viewing a specific thread in a private forum??
    MCSE, MVP, CCIE
    Microsoft Beta Team


  • #2
    i have just discovered if you copy a thread url in a private forum, log out, and paste that url into your browser as a guest you can view that thread as a guest. is this not a security problem???
    MCSE, MVP, CCIE
    Microsoft Beta Team

    Comment


    • #3
      It's your cache. If you hit refresh you get the no permissions page.

      Comment


      • #4
        dont i feel dumb, thanks : )
        MCSE, MVP, CCIE
        Microsoft Beta Team

        Comment


        • #5
          If a guest is viewing a thread in a private forum, could be a couple of things. If a thread is moved off your board into a dump forum, and if people have been passing around the URL in email, they could click on the link and get the no permission page. They would still be seen as viewing the thread in who's online. This happened on our board once. Scared me until I realized what was happening.

          It could also be a mod or someone with private access passing around URLs to private threads. Of course the thread can't actually be seen unless the person is logged in with private access.

          Comment


          • #6
            It could also be someone typing in URLs...
            http://yoursite.com/showthread.php?threadid=1
            http://yoursite.com/showthread.php?threadid=2
            http://yoursite.com/showthread.php?threadid=3
            http://yoursite.com/showthread.php?threadid=4
            ...

            Comment

            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
            Working...
            X