On a well designed, security conscious forum they shouldn't, but....
As a general rule, any information you give to a web site can be seen by the owners of that site. You just have to decide how much do you trust them...
On most forums, no. On some forums? It's possible. When you put a password in to a site, there's no guarantee the owner can't see it.
Most forum software will encrypt passwords in the database. This offers some protection from your password being compromised if the site is hacked or the administrator looks through the database. Any forum operator with enough know how could change the system so it doesn't encrypt passwords or sends them a plain-text copy, though.
Login pages can be rigged such that all usernames and passwords sent via the form are recorded to a log file. Use a different password for each website.
Some fora, I know DS does, have the feature activated within vBulletin that automatically stars your password out if you type it on the forum. Like this:-
Some fora, I know DS does, have the feature activated within vBulletin that automatically stars your password out if you type it on the forum. Like this:-
Most common forum software packages - I've used Vbulletin and PhpBB - have (or had, versions differ) a function that "allows" admin to take over a user's account and permissions to fault-find if the FM is experiencing difficulty. IIRC this also allows them to do a "user's" reset of the password...
Most common forum software packages - I've used Vbulletin and PhpBB - have (or had, versions differ) a function that "allows" admin to take over a user's account and permissions to fault-find if the FM is experiencing difficulty. IIRC this also allows them to do a "user's" reset of the password...
I'm not sure that would reveal the password, though. Admins can usually set a new password without going through the process of logging in as a user or doing it by the "forgotten password" front-end. Go through the front-end and I don't think most forum software now sends a plain-text password, they either generate a new one or provide a link to set a new one. Most forum software is pretty good in this regard, though there's little stop an experienced person modifying their own forum to get around this.
There was a hosted forum platform I used many years ago which had a security snafu similar to this. They sent the actual password in plain-text response to a forgot password request. In combination with another otherwise mundane feature, allowing admins to edit user's profiles and change their email addresses without notifying the user, you could quite easily get any user account's password sent to you.
suncity
Posts: 368
Comments
Yours is Apartheid.....right?:D
As a general rule, any information you give to a web site can be seen by the owners of that site. You just have to decide how much do you trust them...
Most forum software will encrypt passwords in the database. This offers some protection from your password being compromised if the site is hacked or the administrator looks through the database. Any forum operator with enough know how could change the system so it doesn't encrypt passwords or sends them a plain-text copy, though.
********************************
****************
It really works!
Most common forum software packages - I've used Vbulletin and PhpBB - have (or had, versions differ) a function that "allows" admin to take over a user's account and permissions to fault-find if the FM is experiencing difficulty. IIRC this also allows them to do a "user's" reset of the password...
There was a hosted forum platform I used many years ago which had a security snafu similar to this. They sent the actual password in plain-text response to a forgot password request. In combination with another otherwise mundane feature, allowing admins to edit user's profiles and change their email addresses without notifying the user, you could quite easily get any user account's password sent to you.