Can admins read user's private messages?
AppleBag - October 14, 2008 - 09:55
Hi all
I do not have a drupal installation, but am a user of a drupal site run by someone else. I was just wondering if the admin is able to read the private messages of the users of his site? Either via the admin area, or possibly some hack out there allowing it (PhP Nuke used to have one of those), or even via the tables in the MySQL database? (Unencrypted pm's stored in the db?).
Just wondering how private these messages really are. :)
thanks!
Private means private
I dont think so, I am running drupal on one of my site.
And I just dont see any option like this.
Drupal developers wont build anything that is going to bring its users to the state you think you are in.
Gamers' Den
Yes, depending...
As an admin on a site I am able to change a user's password. So all that one needs to do is change their password and log in as that person. This is NOT something that I do, but it could be done for that purpose. Hopefully the person running the site you are on and anyone they have helping them respect privacy.
That can happen but I'm
That can happen but I'm fairly certain that you'd know if it did. I don't think you could stop it from happening but your password would be changed and you'd definitely notice that after the fact.
You might find this module
You might find this module helpful
masquerade
Connecting Indraprastha University | IPU Tech
I'm not saying it would be
I'm not saying it would be likely. But the person questioning wanted to know if it was possible someone could read a message and that is one way that it would be possible. :) Not likely, but possible. My rule is that if I don't want something read, don't write it...anywhere! LOL.
Database Message Unencrypted....
I just checked our private message table in the MySQL database for the site I admin and they are stored in there unencrypted. So you might want to keep anything you don't want read out of there.