Subj : Re: What does "Msg Kinds" specify?
To   : Vincent Coen
From : Niels Haedecke
Date : Mon May 25 2020 01:44 pm

Vincent Coen wrote to Niels Haedecke:
VC> Hello Niels!
VC>
VC> I thought that by setting an echo to private no one sees content other
VC> than the sender and recipient.
VC>
VC> Are you saying that is NOT the case and if so under what circumstances,
VC> i.e., any user logged into the system or a remote user via internet or
VC> QWK packets?
VC>
VC>

Hi Vincent,
Sorry for the very delayed reply. So here's what user "test" (who is a
non-sysop user) sees when he is querying the local, private echo:

#     From                 To                   Subject
1     amiganer             niels haedecke       Hi
2     lodger               amiganer             Re: Hi


So as you can see, the user I'm logged in as (test) can see that there are
private messages between amiganer and lodger. He can even see the subject of
any private message. This should not be possible. When querying the local,
private echo, user "test" should not see any messages listed that he is
neither sender nor recipient of.

However, when user "test" is then trying to read one of the two messages he
was shown, he gets:

"This is a private message; only the owner and addressee can view it."

So is this the expected behaviour, and could this be fixed so you can't "spy"
on other conversation topics and participants by running the Quickscan
command?

Kind regards,
Niels

   Greetings, Niels Haedecke

--- MBSE BBS v1.0.7.13 (GNU/Linux-ARM)
* Origin: Wintermute BBS - Duesseldorf, Germany (2:240/8002)
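
The gap described in this message, as an added C sketch (not MBSE BBS source and not written by either poster): the sender/recipient check that already guards reading is also applied when the Quickscan listing is built. The `msg_hdr` struct, `may_view`, `quickscan` and the sample rows are hypothetical and constructed from the listing in the message; case-insensitive name matching is an assumption.

```c
#include <stdio.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Hypothetical header record; not the real MBSE BBS message base layout. */
struct msg_hdr {
    int num;
    const char *from;
    const char *to;
    const char *subject;
    int is_private;
};

/* Constructed sample data mirroring the two rows quoted in the message. */
static const struct msg_hdr SAMPLE[] = {
    {1, "amiganer", "niels haedecke", "Hi",     1},
    {2, "lodger",   "amiganer",       "Re: Hi", 1},
};
#define SAMPLE_COUNT (sizeof SAMPLE / sizeof SAMPLE[0])

/* One visibility rule, shared by the read path and the list path.
 * Assumption: user names compare case-insensitively. */
static int may_view(const struct msg_hdr *m, const char *user)
{
    if (!m->is_private)
        return 1;
    return strcasecmp(m->from, user) == 0 || strcasecmp(m->to, user) == 0;
}

/* enforce == 0: behaviour reported above (every header is listed).
 * enforce == 1: headers the user may not read are skipped, so From, To
 * and Subject of other people's private mail never reach the listing. */
static size_t quickscan(const struct msg_hdr *m, size_t n,
                        const char *user, int enforce)
{
    size_t shown = 0;
    for (size_t i = 0; i < n; i++) {
        if (enforce && !may_view(&m[i], user))
            continue;
        printf("%-5d %-20s %-20s %s\n", m[i].num, m[i].from, m[i].to, m[i].subject);
        shown++;
    }
    return shown;
}

int main(void)
{
    printf("rows for test, list unchecked: %zu\n", quickscan(SAMPLE, SAMPLE_COUNT, "test", 0));
    printf("rows for test, list checked:   %zu\n", quickscan(SAMPLE, SAMPLE_COUNT, "test", 1));
    return 0;
}
```
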