Setting up a private Message Board (Forum)
This page describes different privacy features available on internet message boards.
The basic configuration of a Private Message Board restricts
access to "Registered" members only.
However,
there are several variations on this basic configuration.
One alternative allows certain users access
to specific sections/forums while restricting access to other sections.
Another popular configuration allows non-members to view a board,
but only allows "Registered" members to post messages.
There's also variations of the "Registration Process". The registration process
defines how a user becomes a "Registered" member. For example, users can be allowed
to "Register" without any oversight. Another configuration might
allow a user to register, but his registration would only become active when approved by the board
manager. Yet another configuration could prevent users from registering altogether,
and instead only allow the board manager to register members.
Following is a comprehensive list of the types of privacy features
possible, regardless of which message board provider or
message board software you use. You should be aware of these options
when setting up a Private Message Board or Forum.
Privacy Features
- Preventing access to the entire board.
This is the basic privacy configuration most boards will use.
It ensures all users must login with a valid password
before access is given is give to view the board.
- Preventing access to only a particular section of the board.
This configuration allows certain types of access to certain
sections of the board. For example, a certain section of the
board may be only accessible by specific(privileged) users, or
perhaps a certain section of the board can be viewed but not posted into.
- Preventing access to specific messages on the board.
This is usually set up as an additional option where users
are allowed to post "Private" messages that are only visible to
specific users.
- Enabling specific user access rights(e.g., user can view but not post).
This feature refers to the ability of the
board manager to specify, at the user level, which rights a user
has. For example, a board manager might specify that a particular user
could view messages, but not post/create messages.
- Registration only required for posting.
This type of configuration would allow anyone to view messages on the board,
but they must register to post messages.
- Preventing access to the Board Management/Admin page.
There is always a special privacy control, i.e. manager's password, that
allows access to the board's management or administration page.
- Giving specific users "Moderator" privilege/access.
Another type of privacy control allows the board manager to designate
certain users as "Moderators". Moderators are given special privileges
above those of a normal user, such as the ability to Approve, Modify, and Delete
other user's messages. Ideally, you should be able to designate moderators for
the entire board or just for specific forums on the boards.
- Blocking users based on IP addresses, passwords, email addresses.
Another privacy control, should be the ability to block problem users
based on IP address, password, or email addressess.
- Identifying problem users.
Yet another privacy control, is a "ReportAbuse" link that allows any user
to easily report abuse observed by another user.
|
Registration Scenarios
Privacy controls are usually implemented to ensure anyone accessing
the board(forum) is a registered member, i.e. they have a valid password.
The access given a user is determined by the specific access
privileges associated with his/her password.
Several user registration scenarios can be implemented to provide users with
a password.
-
System Wide password
Under this scenario the same password is given to all users. The advantage is that it
requires minimum effort to set up. The disadvantage is that if you have
a problem user, a new password must be created and distributed to
all users. This configuration does not allow the board to
track and associate specific activities to individual users. For example, statistics
such as last visit, number of messages posted, etc. can't be
accumulated for each user.
-
Board Manager creates passwords
This is the most secure scenario, but also the most time consuming from
the board manager's standpoint. Each user password is created by the
board manager and then emailed/distributed to users.
-
User creates his/her own password but password requires board manager approval
This scenario allows users to create their own password, however the
board does not activate a password until the board manager has reveiewed and approved it.
-
User creates his/her own password and no management approval is required
This configuration is least secure, but requires no effort from the
board manager's viewpoint, while still ensuring all users are registered.
caveat: In all cases, it's a good idea to have the user's email address authenticated
during the registration process.
Email authentication ensures the email address the user enters during the
registration process, is a valid email address. This is usually done automatically
by the message board software, by sending an authentication email to the new user
and awaiting an email reply from the user. Once the reply is received
the message board software marks the email address as authenticated and allows
the registration process to continue.
|
Other Considerations
Password/Username
Consider whether a password alone
will suffice or do you won't to impose an additional
security requirement by having users enter a username
as well as a password.
Saving a password
Consider if the board provides an option that allows users
to "Save" their password, so that on subsequent visits
they will not be required to enter their password.
Email Address authentication
Ideally, the registration process should always be able to
automatically authenticate a user's email address during the
registration process. This ensures the email address
provided during the registration, actually belongs to the user.
Search engine traffic
You'll want to know if the privacy configuration
you put in place will prevent search engines from accessing your board.
List Serv considerations
If your board provides list serv capabilities, i.e. email notifications
of new messages posted, you'll want to ensure the privacy controls
you put in place for the board, will apply to all list serv features.
Modifying/Deleting messages
Sometimes a board manager will not put any privacy controls in place,
i.e., anyone can view and post messages, but still require
users to create a password when creating/posting a message. This is done
to ensure the only person who can modify or delete the message, is
the person who created it. If the board is not allowing users to modify
or delete messages, then there's no need for this requirement.
All possible scenarios and features described above are
available via the Privacy Control section of the admin
panel on your BulletinBoards.com message board. You should
be able to set up a "Private Message Board" in any configuration
you desire, using the privacy options on your board management/admin page.
|
|