SMF Support > SMF 2.0.x Support

Are mods safe?

<< < (2/3) > >>

MrPhil:
It is not enough that "this new member is good at SMF". You also need to absolutely and completely trust them to do the right thing. Giving "administrator" control to them is giving them the Keys to the Kingdom. Giving them site file and database access would give them even more power, and sooner or later will be needed even if you just want them to install mods. He will have the power to completely destroy your forum if he so wishes (or if he's not as good as he thinks he is), so be very careful handing over power.

Arantor:

--- Quote ---Giving them site file and database access would give them even more power, and sooner or later will be needed even if you just want them to install mods
--- End quote ---

If they can install mods, they basically have that power. And if they're an admin, they can also download a backup and see everything anyway.

MrPhil:
Let me clarify. I was talking about giving direct site control panel access powers (files and database), rather than just Admin powers in SMF. Such site access will sooner or later be needed when a mod doesn't want to install without assistance. At that time, the SMF maintainer will have complete control over your site, which is why you have to absolutely trust anyone you give such powers to.

Arantor:
If you have admin powers in SMF, you already have database powers. You even already have the username, password, database name and prefix to look for.

If you have admin powers in SMF, you can likely already access sufficient power to do what you want anyway. With or without using FTP.

butchs:

--- Quote from: Arantor on June 24, 2012, 09:47:24 AM ---Interesting idea, except that there are legitimate mods that have modified such things in the past, I know I once rewrote how board access was arranged (which would assuredly be the sort of thing you'd be checking!)

By the way, the example I gave wasn't hypothetical. That actually happened and the person who did so was in fact banned from this very site (multiple times).

--- End quote ---

I understand.  But to clarify you capture the changes.  Allowed approval of said changes by the #1 Admin, encrypted & compressed the approved changes in a format of your choosing and then used that approved information to verify that hacking did not occur based on a scheduled task.  All this only accessible by the #1 Admin.

I know it is possible...  It would be cool...  Only a few, like you, have the ability to make it possible.
:)

Navigation

[0] Message Index

[#] Next page

[*] Previous page