Starting Message Forums

Private Message Forums Hosting
Simple, Private, $9.95/month
No software to install. No advertising.
Click Here

Setting up a private Message Forum

The basic configuration of Private Message Forums restricts total access to "Registered" members only.
However, there are several variations of the basic configuration, such as allowing some users access to certain portions while restricting access to other portions. Another popular security configuration is to allow non-members to view the forum, but only allow "Registered" members to post messages.

There's also variations of the "Registration Process". The registration process defines how a user becomes a "Registered" members. For example, users could be allowed to "Register" without any oversight, or a forum could be configured to not allow user registrations to become active, until approved by the forum manager. Yet another configuration might be to only allow the board manager to register members.

Following is a comprehensive list of the types of privacy features possible, regardless of which message forum provider or message forum software you use. You should be aware of these options when setting up a Private Message Forum.

Privacy Features

  1. Preventing access to the entire forum.
    This is the basic privacy configuration most forums will use. It ensures all users must login with a valid password before access is given is give to view the forum.
  2. Preventing access to only a particular section of the forum.
    This configuration allows certain types of access to certain sections of the forum. For example, a certain section of the forum may be only accessible by specific(privileged) users, or perhaps a certain section of the forum can be viewed but not posted into.
  3. Preventing access to specific messages on the forum.
    This is usually set up as an additional option where users are allowed to post "Private" messages that are only visible to specific users.
  4. Enabling specific user access rights(e.g., user can view but not post).
    This feature refers to the ability of the forum manager to specify, at the user level, which rights a user has. For example, a forum manager might specify that a particular user could view messages, but not post/create messages.
  5. Registration only required for posting.
    This type of configuration would allow anyone to view messages on the forum, but they must register to post messages.
  6. Preventing access to the forum Management/Admin page.
    There is always a special privacy control, i.e. manager's password, that allows access to the forum's management or administration page.
  7. Giving specific users "Moderator" privilege/access.
    Another type of privacy control allows the forum manager to designate certain users as "Moderators". Moderators are given special privileges above those of a normal user, such as the ability to Approve, Modify, and Delete other user's messages. Ideally, you should be able to designate moderators for the entire forum or just for specific section of the forum.
  8. Blocking users based on IP addresses, passwords, email addresses.
    Another privacy control, should be the ability to block problem users based on IP address, password, or email addressess.
  9. Identifying problem users.
    Yet another privacy control, is a "ReportAbuse" link that allows any user to easily report abuse observed by another user.

Registration Scenarios

Privacy controls are usually implemented to ensure anyone accessing the forum is a registered member, i.e. they have a valid password. The access given a user is determined by the specific access privileges associated with his/her password.

Several user registration scenarios can be implemented to provide users with a password.

  1. System Wide password
    Under this scenario the same password is given to all users. The advantage is that it requires minimum effort to set up. The disadvantage is that if you have a problem user, a new password must be created and distributed to all users. This configuration does not allow the forum to track and associate specific activities to individual users. For example, statistics such as last visit, number of messages posted, etc. can't be accumulated for each user.
  2. forum Manager creates passwords
    This is the most secure scenario, but also the most time consuming from the forum manager's standpoint. Each user password is created by the forum manager and then emailed/distributed to users.
  3. User creates his/her own password but password requires forum manager approval
    This scenario allows users to create their own password, however the system does not activate a password until the forum manager has reveiewed and approved it.
  4. User creates his/her own password and no management approval is required
    This configuration is least secure, but requires no effort from the forum manager's viewpoint, while still ensuring all users are registered.
caveat: In all cases, it's a good idea to have the user's email address authenticated during the registration process. Email authentication ensures the email address the user enters during the registration process, is a valid email address. This is usually done automatically by the message forum software, by sending an authentication email to the new user and awaiting an email reply from the user. Once the reply is received the message forum software marks the email address as authenticated and allows the registration process to continue.

Other Considerations

Consider whether a password alone will suffice or do you won't to impose an additional security requirement by having users enter a username as well as a password.

Saving a password
Consider if the forum provides an option that allows users to "Save" their password, so that on subsequent visits they will not be required to enter their password.

Email Address authentication
Ideally, the registration process should always be able to automatically authenticate a user's email address during the registration process. This ensures the email address provided during the registration, actually belongs to the user.

Search engine traffic
You'll want to know if the privacy configuration you put in place will prevent search engines from accessing your forum.

List Serv considerations
If your forum provides list serv capabilities, i.e. email notifications of new messages posted, you'll want to ensure the privacy controls you put in place for the forum, will apply to all list serv features.

Modifying/Deleting messages
Sometimes a forum manager will not put any privacy controls in place, i.e., anyone can view and post messages, but still require users to create a password when creating/posting a message. This is done to ensure the only person who can modify or delete the message, is the person who created it. If the forum is not allowing users to modify or delete messages, then there's no need for this requirement.

All possible scenarios and features described above are available via the Privacy Control section of the admin panel on your message forum. You should be able to set up a "Private Message forum" in any configuration you desire, using the privacy options on your forum management/admin page.

If you have other questions or want to discuss in more detail any of the ideas above, call or email me.
Al Bennett - Tech Support
[email protected]
(321) 984-9080 9-5 EST US Mon-Fri