Skip to main content
Hide admin status in forum by default? Started by ahrasis · · Read 12286 times 0 Members and 2 Guests are viewing this topic. previous topic - next topic

Hide admin status in forum by default?

I was thinking about the security issues currently discussed and am wondering that may be the main reason a thief can steal access to server or database is because he knows that an admin normally has that access.

What if the admin status is hidden in the forum by default? If nobody is known as an admin, the thief need to inspect almost all accounts. Of course they can suspect user profile number 1 as default admin, but the true admin could change that account to regular user or delete it.

Of course, the forum admin may disclose his identity as his own will, but not by default.

Since this is just an idea, I was thinking, may be this can first be made as an addon rather than a feature? Or is it better as a feature?

Re: Hide admin status in forum by default?

Reply #1

Hey hey you changed your profile picture!

But anyway, that's a good idea, for security's sake. :)
Facta, non verba.

Re: Hide admin status in forum by default?

Reply #2

It's on the contrary @niloc :P

Re: Hide admin status in forum by default?

Reply #3

I don't know how much security would increase with just hiding the group.
Would you leave your car open just because the doors are hidden behind a curtain?

Most of the hacking done nowadays, are based on re-using of passwords and usernames across multiple sites (even very old passwords, because during the recent github attack, the hackers were using an old database of passwords from myspace as far as I understood), so hackers don't really care about the username or the role, they just try out any possible combination they have handy across multiple websites.
Also, from my experience, most of the forum admin wants to be recognized as admin and owners of the forum with a big shiny button screaming "ADMIN", and wants to have the admin interface handy for whatever they want to do.
Bugs creator.
Features destroyer.
Template killer.

 

Re: Hide admin status in forum by default?

Reply #4

That's true also.

Rich people and ordinary people similarly are being rob everyday because most criminals just dont careless who they are robbing.

But some of them are smart and very selective so targeting certain users are more worthy to them. Why choose the common ordinary if you can rob the rich?

So some may prefer to live a common ordinary life just like many others so they won't be seen as being one of the targeted group.

Just a cent, if it makes sense. :)

Re: Hide admin status in forum by default?

Reply #5

Don't know if this helps and probably has nothing to do with this topic, but on my board where I am admin, I am using an username which is different from the username displayed on forum. So before anyone can try to login with my account he need to know my real username
sorry for my bad english

Re: Hide admin status in forum by default?

Reply #6

Yes. I have that idea too. They still however display their user id. May be, the server / database could be more restrictive or hidden or removed from admin cp. Are these info really useful or necessary?


Re: Hide admin status in forum by default?

Reply #7

Quote from: emanuele – Also, from my experience, most of the forum admin wants to be recognized as admin and owners of the forum with a big shiny button screaming "ADMIN"

Hahahahhaa yeah this is so true! :p
Facta, non verba.

Re: Hide admin status in forum by default?

Reply #8

Yes. That is true.

But that can be faked too[1]. ;)
by creating a group that look like admin but is not or with no access to server / database or something a long that idea

Re: Hide admin status in forum by default?

Reply #9

Is it possible to hide the admin user and hide all references to user ID 1 too? That would be real hiding of the first (admin) user.

Re: Hide admin status in forum by default?

Reply #10

My idea was:
1. You may need to change user ID #1 to non-admin or delete that account.
2. Do not use any admin account for posting or the addon can be used to block it.
3. Faked admin user [1]can be created for posting purposes.
4. May be, additionally or alternatively, make only admin can access any other admin account but not guest or other registered user or error page could not be found or something.
that displays admin badge

Re: Hide admin status in forum by default?

Reply #11

But if I make another user to admin (and delete user with ID=1), the new admin user is in the admin user group and can be found via searching the groups, or not? The admin user group must be hidden too.

Re: Hide admin status in forum by default?

Reply #12

That is what I was trying to say in #4. But user #1 will always be the target as he is by default an admin user.

Re: Hide admin status in forum by default?

Reply #13

Ah, okay, sorry. It's too early and I watched the Euro 2016 yesterday (Island vs. Britian - what a game)! :-[

Re: Hide admin status in forum by default?

Reply #14

Many people here have to stay awake to watch Euro too. Unfortunately, I do not have high interest in football.