Setting up a private Message Forum|
The basic configuration of Private Message Forums restricts total
access to "Registered" members only.
there are several variations of the basic configuration, such as allowing some users access
to certain portions while restricting access to other portions. Another popular security
configuration is to allow non-members to view the forum, but only allow "Registered" members
to post messages.
There's also variations of the "Registration Process". The registration process
defines how a user becomes a "Registered" members. For example, users could be allowed
to "Register" without any oversight, or a forum could be configured to
not allow user registrations to become active, until approved by the forum
manager. Yet another configuration might be to only allow the board manager
to register members.
Following is a comprehensive list of the types of privacy features
possible, regardless of which message forum provider or
message forum software you use. You should be aware of these options
when setting up a Private Message Forum.
- Preventing access to the entire forum.
This is the basic privacy configuration most forums will use.
It ensures all users must login with a valid password
before access is given is give to view the forum.
- Preventing access to only a particular section of the forum.
This configuration allows certain types of access to certain
sections of the forum. For example, a certain section of the
forum may be only accessible by specific(privileged) users, or
perhaps a certain section of the forum can be viewed but not posted into.
- Preventing access to specific messages on the forum.
This is usually set up as an additional option where users
are allowed to post "Private" messages that are only visible to
- Enabling specific user access rights(e.g., user can view but not post).
This feature refers to the ability of the
forum manager to specify, at the user level, which rights a user
has. For example, a forum manager might specify that a particular user
could view messages, but not post/create messages.
- Registration only required for posting.
This type of configuration would allow anyone to view messages on the forum,
but they must register to post messages.
- Preventing access to the forum Management/Admin page.
There is always a special privacy control, i.e. manager's password, that
allows access to the forum's management or administration page.
- Giving specific users "Moderator" privilege/access.
Another type of privacy control allows the forum manager to designate
certain users as "Moderators". Moderators are given special privileges
above those of a normal user, such as the ability to Approve, Modify, and Delete
other user's messages. Ideally, you should be able to designate moderators for
the entire forum or just for specific section of the forum.
- Blocking users based on IP addresses, passwords, email addresses.
Another privacy control, should be the ability to block problem users
based on IP address, password, or email addressess.
- Identifying problem users.
Yet another privacy control, is a "ReportAbuse" link that allows any user
to easily report abuse observed by another user.
Privacy controls are usually implemented to ensure anyone accessing
the forum is a registered member, i.e. they have a valid password.
The access given a user is determined by the specific access
privileges associated with his/her password.
Several user registration scenarios can be implemented to provide users with
caveat: In all cases, it's a good idea to have the user's email address authenticated
during the registration process.
Email authentication ensures the email address the user enters during the
registration process, is a valid email address. This is usually done automatically
by the message forum software, by sending an authentication email to the new user
and awaiting an email reply from the user. Once the reply is received
the message forum software marks the email address as authenticated and allows
the registration process to continue.
System Wide password
Under this scenario the same password is given to all users. The advantage is that it
requires minimum effort to set up. The disadvantage is that if you have
a problem user, a new password must be created and distributed to
all users. This configuration does not allow the forum to
track and associate specific activities to individual users. For example, statistics
such as last visit, number of messages posted, etc. can't be
accumulated for each user.
forum Manager creates passwords
This is the most secure scenario, but also the most time consuming from
the forum manager's standpoint. Each user password is created by the
forum manager and then emailed/distributed to users.
User creates his/her own password but password requires forum manager approval
This scenario allows users to create their own password, however the
system does not activate a password until the forum manager has reveiewed and approved it.
User creates his/her own password and no management approval is required
This configuration is least secure, but requires no effort from the
forum manager's viewpoint, while still ensuring all users are registered.
Consider whether a password alone
will suffice or do you won't to impose an additional
security requirement by having users enter a username
as well as a password.
Saving a password
Consider if the forum provides an option that allows users
to "Save" their password, so that on subsequent visits
they will not be required to enter their password.
Email Address authentication
Ideally, the registration process should always be able to
automatically authenticate a user's email address during the
registration process. This ensures the email address
provided during the registration, actually belongs to the user.
Search engine traffic
You'll want to know if the privacy configuration
you put in place will prevent search engines from accessing your forum.
List Serv considerations
If your forum provides list serv capabilities, i.e. email notifications
of new messages posted, you'll want to ensure the privacy controls
you put in place for the forum, will apply to all list serv features.
Sometimes a forum manager will not put any privacy controls in place,
i.e., anyone can view and post messages, but still require
users to create a password when creating/posting a message. This is done
to ensure the only person who can modify or delete the message, is
the person who created it. If the forum is not allowing users to modify
or delete messages, then there's no need for this requirement.
All possible scenarios and features described above are
available via the Privacy Control section of the admin
panel on your BulletinBoards.com message forum. You should
be able to set up a "Private Message forum" in any configuration
you desire, using the privacy options on your forum management/admin page.