Everybody can change Admin password
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=9085
Printed Date: 07 April 2026 at 6:12pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Everybody can change Admin password
Posted By: FARSHAD
Subject: Everybody can change Admin password
Date Posted: 20 January 2004 at 8:57pm
|
I have a problem ( i think everybody ) ======================================= I am Administrator and i add my friend in admin group he can`t see " change administrator`s password " option in Admin page but he can change my password from Members List page by clicking on "edit user profile" button yes he is a member of Admin group but he can change "Administrator`s" password !!!!!?????? is this security????????!!!!!!!!!!!!!!!! what you think about this? this not good for my forum and site if anybody can solve this problem please tell me ============================================ Thanks |
Replies:
Posted By: bruce
Date Posted: 20 January 2004 at 10:30pm
| This has been an issue for awhile. I've been hoping for a fix also. |
Posted By: MadDog
Date Posted: 21 January 2004 at 12:52am
|
If you cant trust the other admin from not changing your password then i dont see why you have him set as one. I think this has been talked about a few times. Cant remember what -boRg- said about it though. ------------- http://www.iportalx.net" rel="nofollow"> 
|
Posted By: WebWiz-Bruce
Date Posted: 21 January 2004 at 3:33am
|
I agree with madDog. If in the admin gorup then the user is an Administrator as well. Just like on windows, everyone in the admin gorup is an adminstrator. ADMIN GROUP = ADMINISTRATOR with complete power over the board It is useful for other admins to change other admins passwords for thigs like when you forget your password, which is why this is a feature. Admins have the power to change all passwords, delete forums, posts, members, etc. and generally have complete power over all features on the forum. So if you don't trust someone, don't put them as an admin, set them as a moderator. I always say that on a board you should only ever have ONE ADMIN ACCOUNT. This will give you extra security as there are less accouts for a hacker to attack when trying to hack the forum. Also if you want to be extra secure only use the 1 admin account you have when you want to change things on the forum. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: msm_eg
Date Posted: 21 January 2004 at 5:31am
|
i dont agree about this piont if im an administrator and i have forget my password im gonna change it with opening my Db and change it manually by changeting the Password faild to a new password The administrator have to control everybody and no one control of him. ------------- i make what i want useing what i know |
Posted By: Badaboem
Date Posted: 21 January 2004 at 5:47am
Bit hard if the passwords are encrypted. This will only be possible with old versions of wwf. |
msm_eg wrote:Posted By: india
Date Posted: 21 January 2004 at 6:03am
Not necessary. Suppose you want to do it. install wwf on your pc. create a user account. this time DO NOT forget your password. open the database. look for the username and see the password and salt value of it. copy it and replace it it will help btw i myself dont agree with the pont. admins should not be able to change other admins password only master id should be able to also any admin shouldnt be able to change pass of master id borg, please look in this ------------- India http://mumbai2.netfirms.com |
Posted By: WebWiz-Bruce
Date Posted: 21 January 2004 at 6:43am
|
I think you are all missing the point. Anyone in the admin group is an administrator on the board (in other words anyone in the admin group is a God on your forum and can do anything they like including destroying your little world). They have full admin powers and can do anything in the forum they wish. It works just like in windows, if you add another user in windows to the admin gorup they have full control over the the windows OS, including changing anyone paswords. If you wouldn't give create a user on your PC for someone else in the admin group, then don't do it on your forum. If you don't want someone else to have FULL control of your forum, then don't place them in the admin gorup. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: dpyers
Date Posted: 21 January 2004 at 10:49pm
Administrators are like the Highlander... "There can be only one!" ------------- 
Lead me not into temptation... I know the short cut, follow me. |