Don't show user's secert question to admins when modifying profile

[Tom]

In yaBB SE the admin can see the user's secert question when you modify their profile. I think that it is like their password and should not be viewed that easily, and should remain private. It is still like this is SMF?

[Grudge]

I'm not sure about the question but the answer is encrypted so the admin could not see that...

[Ben_S]

Question is still visible but the answer not for the reason Grudge says.

[Anguz]

still... the question is a BIG hint to the answer, which is usually the password...

if a moderator that has access to profiles, can see this, he may use that account... although I try to give moderator power to a person I trust, I've been betrayed in the past

[Ben_S]

The question is easilly accessable by anyone anyway.

[[Unknown]]

Yes, I can pretend I'm, say, "Anguz" and that I've, say, forgotten "my" password.

-[Unknown]

[Chris Cromer]

There is a simple solution... don't use an easy to guess question.

[Anguz]

Yes, I can pretend I'm, say, "Anguz" and that I've, say, forgotten "my" password.

-[Unknown]

oooo hadn't thought about that.. you guys are absolutely right...

There is a simple solution... don't use an easy to guess question.

I don't

[[Unknown]]

Better solution: remember your password and DON'T use a secret question or answer .

(this is what I do.)

-[Unknown]

[Anguz]

Better solution: remember your password and DON'T use a secret question or answer .

(this is what I do.)

-[Unknown]

me too, that's what I meant when I said "I don't"

[Peter Duggan]

still... the question is a BIG hint to the answer, which is usually the password...

To be honest, I'm surprised to hear that!

[Anguz]

still... the question is a BIG hint to the answer, which is usually the password...

To be honest, I'm surprised to hear that!

why?

[Aoshi]

I'm also quite surprised... Why would anyone do that? The question isn't there to remind you of your password... It's so that you can change it if you've forgotten it.

As for me, I usually pick a dumb question like, "when's your birthday?" and answer with something like "screw off ya bastard" or something. Something really hard to guess, but I'd know because that's probably what I'd tell strangers who ask that.

[David]

The secret question field could jsut be removed and an option to "reset it" added.

[Aoshi]

This is true, but it would be really annoying if people just did it to others. Probably would be able to quickly track the person abusing the system though. Don't mind this post...

[Peter Duggan]

still... the question is a BIG hint to the answer, which is usually the password...

To be honest, I'm surprised to hear that!

why?

Because the purpose of the secret question is to let *you* back into the forum, not anyone else who might want to misuse your identity. So a secret question which anyone can answer seems a pretty dumb concept anyway, let alone one which leads them straight to your password!

[Ben_S]

I guess I should change my secret question then, on that basis "What is my name" just doesn't cut it

[dschwab9]

I guess I should change my secret question then, on that basis "What is my name" just doesn't cut it

Well, only admin can see it in your profile, and admin can change your password to whatever he wants anyway, so, even if it did show the question and answer in the profile, that's not a security risk.

BUT, if you are using "What is my name?", anyone can do the forgot password option and enter your username and get asked your question.

[Ben_S]

I was joking

[Acf]

I'm also quite surprised... Why would anyone do that? The question isn't there to remind you of your password... It's so that you can change it if you've forgotten it.

As for me, I usually pick a dumb question like, "when's your birthday?" and answer with something like "screw off ya bastard" or something. Something really hard to guess, but I'd know because that's probably what I'd tell strangers who ask that.

owww realy evil laugh goes and tests