Hi there,
I've set up a local message area and set "Msg Kinds" to "Private". I uderstand that by doing things this way, only the sender and addressee
of a specific message can read it. Still, other users can use
"Quickscan" to view who sent a specific message, who was the addressee
for that message and what its subject was.
My assumption would be that if "Msg Kinds" is set to "Private", a user
would only be able to see his/her sent/received messages. It seems to
work that way if "Msg Kinds" is set to "Private" on a non-local,
Echomail message area.
In other ways: is it possible to have a non-networked (local) but
private message area similar to what "personal messages" are on other
BBS systems?
Hello Niels!
I thought that setting a echo to private no one see content other than the
sender and
recipient.
Are you saying that is NOT the case and if so under what circumstances, i.e.,
dany user
logged into the system or a remote user via internet or QWK packets ?
Vincent Coen wrote to Niels Haedecke:
Hello Niels!
I thought that setting a echo to private no one see content other
than the
sender and
recipient.
Are you saying that is NOT the case and if so under what
circumstances, i.e., dany user logged into the system or a remote
user via internet or QWK packets ?
Hi Vincent,
sorry for the very delayd reply. So here's what user "test" (who is a non-sysop user) sees when he is querying the local, private echo:
# From To Subject
1 amiganer niels haedecke Hi
2 lodger amiganer Re: Hi
So as you can see, the user I'm logged in (test) can see that there
are private messages between amiganer and lodger. He can even see the subject of any private message. This should not be possible. When
querying the local, private echo, user "test" should not see any
messages listed he is neither sender nor recipient of.
However, when user "test" is then trying to read one of the two
messages he was shown, he gets:
"This is a private message; only the owner and addressee can view it."
So is this the expected behaviour and could this be fixed so you can't
"spy" on other conversation topics and participants by running the
Quickscan command.
Clearly from your testing it looks like the content SHOULD be private
but the msgs lists are not.
I must admit I am in two minds on this, but leaning that this
behaviour is correct.
It is the content that must be private.
The information provided by seeing a list of from, to, subject is not confidentaal.
Clearly from your testing it looks like the content SHOULD be
private but the msgs lists are not.
Yes, it should be. The details of the messages from, to and subject
should also be private and not displayed to anyone aside from the
sender or recipient.
Why display to details of a private message to others?
This looks like a bug that went unnoticed.
Probably not hard to fix if anyone is caring for MBSE.
So as you can see, the user I'm logged in (test) can see that there
are private messages between amiganer and lodger. He can even see the subject of any private message. This should not be possible. When
querying the local, private echo, user "test" should not see any
messages listed he is neither sender nor recipient of.
However, when user "test" is then trying to read one of the two
messages he was shown, he gets:
"This is a private message; only the owner and addressee can view it."
So is this the expected behaviour and could this be fixed so you can't "spy" on other conversation topics and participants by running the Quickscan command.
Hello Niels!
25 May 20 13:44, you wrote to Vincent Coen:
So as you can see, the user I'm logged in (test) can see that there are private messages between amiganer and lodger. He can even see the subject of any private message. This should not be possible. When querying the local, private echo, user "test" should not see any messages listed he is neither sender nor recipient of.
However, when user "test" is then trying to read one of the two messages he was shown, he gets:
"This is a private message; only the owner and addressee can viewit."
So is this the expected behaviour and could this be fixed so youcan't
"spy" on other conversation topics and participants by running the Quickscan command.
This bug has been fixed in v1.0.7.16, which was just committed to the SourceForge Mercurial and Git repositories.
Thanks for letting me know about the issue.
Andrew
--- GoldED+/LNX 1.1.5-b20180707
* Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
thank you for fixing this issue (and the one regarding the user handle
in From/To fields) so quick! I've already updated my Wintermute BBS to 1.0.7.17
Working perfect so far!
Glad to hear it!
Sysop: | digital man |
---|---|
Location: | Riverside County, California |
Users: | 1,042 |
Nodes: | 16 (0 / 16) |
Uptime: | 00:00:04 |
Calls: | 500,919 |
Calls today: | 6 |
Files: | 109,372 |
D/L today: |
13,988 files (2,256M bytes) |
Messages: | 305,042 |
Posted today: | 6 |