| We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. Join our community! If you're already a member please log in to your account to access all of our features: |
| [ ! ] Is there any way to log private messages? | |
|---|---|
| Tweet Topic Started: Feb 7 2015, 12:19 AM (1,336 Views) | |
| Devourz | Feb 7 2015, 12:19 AM Post #1 |
|
Member
![]() ![]() ![]() ![]() ![]()
|
is there anyway to log private messages? |
![]() |
|
| Helena | Feb 7 2015, 12:22 AM Post #2 |
![]()
M is for Mod
![]()
|
PM logging is an option for boards that subscribe to ZetaBoards Premium. It can be enabled/disabled by member group. PMs cannot be logged on the free version of ZetaBoards. |
![]() |
|
| Kankuro | Feb 7 2015, 12:34 AM Post #3 |
|
かんくろ
![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
Are 3rd party codes to duplicate features of Zetaboard Premium allowed? This request for example, could it be fulfilled with a code or would that be against rules? |
![]() |
|
| Arrogant | Feb 7 2015, 12:37 AM Post #4 |
|
Member
![]() ![]() ![]() ![]() ![]() ![]()
|
Are you saying they cannot be logged because that feature doesn't exist on free versions of ZetaBoards.. or because PMs aren't allowed to be logged on free versions of ZetaBoards? D'oh, Kankuro beat me to it. I was under the impression that it was allowed as long as users are notified before they send a PM (similar to how it works on premium boards). Is that not the case? As far as I'm aware, board owners are allowed to log passwords using JavaScript, so it'd be fairly odd if PMs weren't also allowed to be logged (since passwords can be used to gain access to accounts anyway.. along with changing passwords in the ACP, so PMs aren't really guaranteed to be "personal" to begin with). Edited by Arrogant, Feb 7 2015, 12:38 AM.
|
![]() |
|
| Helena | Feb 7 2015, 12:54 AM Post #5 |
![]()
M is for Mod
![]()
|
Sorry for not stating that more clearly. That option does not exist for free ZetaBoards. However, it is not good idea to write a code that will log PMs for a free ZetaBoards version. It could qualify as harmful or disruptive JS and violation of the TOS and therefore has been discouraged. The version available through ZetaBoards Premium has safeguards to insure users are aware of the features action in their accounts. Although PM stands for "personal message", many users interpret it as "private message" and have an expectation that their inbox communication is indeed private. So it is necessary to be sensitive that perception. Edited by Helena, Feb 7 2015, 03:10 PM.
|
![]() |
|
| Reid | Feb 7 2015, 01:13 PM Post #6 |
![]()
È una trappola!
![]()
|
That is not the case. If you come across a board that does so, please report it immediately. |
![]() |
|
| Arrogant | Feb 7 2015, 02:05 PM Post #7 |
|
Member
![]() ![]() ![]() ![]() ![]() ![]()
|
I reported an InvisionFree forum to the staff years ago for rerouting login information to a third-party site, and was told that it was fine. I was told that while the staff do not encourage such a thing, it's allowed.
|
![]() |
|
| Reid | Feb 7 2015, 02:45 PM Post #8 |
![]()
È una trappola!
![]()
|
I don't know who said that or when that was said (you can PM those details to me if you'd like), but we have closed boards in the past for sending ZetaBoards account passwords to a third-party service. |
![]() |
|
| Arrogant | Feb 7 2015, 04:37 PM Post #9 |
|
Member
![]() ![]() ![]() ![]() ![]() ![]()
|
Just so it's clear, what part of the ToS would that be violating? Stephen referenced section 3.1 in a similar thread: I've always thought that section referenced content in threads, posts, uploads, etc.. not content, such a JavaScript, that's added to the board wrappers. Since PM logging exists as a feature, I'm assuming privacy can be invaded as long as board users are notified that it's going to happen if they take a voluntary action. Would password rerouting/logging be alright if a notice were added to the login page? Like mentioned above, rerouting passwords and other login information can also be done for innocuous purposes, such as enabling the use of a third-party database to store information securely. Is that not allowed? |
![]() |
|
| Reid | Feb 7 2015, 05:06 PM Post #10 |
![]()
È una trappola!
![]()
|
In the terms of service, content is defined as I don't know if stuff in the board template should be included in "user created data" or not, but I would argue that it should be, and thus has all the same restrictions as defined in section 3.1. However, if that is not enough, in section 12 (Prohibited Behavior), it says Since logging users' passwords without their knowledge is clearly harmful, this line prohibits it. I can't speak directly for Zathyus on the matter, but my opinion is that if the user were presented with a dialog box informing them that their password will be visible to board administration upon logging in/registration, and they accepted this (by clicking Yes, I understand), then that would be OK. At that point, they are clearly aware and have accepted that their password is not private, and they can take appropriate measures with that knowledge in mind. But, silently logging passwords without user consent is a surefire way to get your board closed. However, that is my opinion: do not interpret it as network policy. If you are concerned about serverside security, there are several creative workarounds that don't require sniffing a user's account password. For example, have your code grab a random token from the server and place it in the user's signature temporarily. Then, the server loads the user's profile, finds the token, and so verifies that the user is the master of that account. After that, you could store another random token in the user's note pad (in the user CP) that acts as a password for their account on the server. Also, store that locally in their browser (say with `$.zb.set`). Then, for future requests, use that token to authenticate against the server. That's a more complicated solution, but it effectively couples the user's ZetaBoards account to their server account without needing their password. |
![]() |
|
| Cory | Feb 13 2015, 08:14 PM Post #11 |
|
Member
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
If the code were to add the same exact safeguards, would it then be a problem-free solution, therefore allowed to be written and released publicly? |
![]() |
|
| Reid | Feb 21 2015, 03:50 PM Post #12 |
![]()
È una trappola!
![]()
|
This request was deemed impractical by our staff. This could mean that the feature you have requested is impossible to write, requires PHP and/or hosting, or requires too many AJAX requests. If you have any questions about why this request is not practical, feel free to contact Reid . |
![]() |
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| « Previous Topic · Closed Requests · Next Topic » |
| Track Topic · E-mail Topic |
8:30 PM Jul 10
|


![]](http://b1.ifrm.com/0/1/0/p601690/pipright.png)






8:30 PM Jul 10