Queries can the mod/admin view our browser cookies?, just curious only

SUSdattebayo | Jan 16 2007, 07:18 PM, updated 19y ago
After we log in to the LYN server, our browser has to send a cookie file to the server in order to load our usual settings and our last activity...
But one thing makes me wonder: can the mods view that cookie file? It can be viewed by typing: javascript:alert("Cookies: "+document.cookie) in the address bar, and it contains member_id, unique_id ..

nexus- | Jan 16 2007, 07:22 PM | The intrepid coward
No, moderators will not be able to snoop your cookies. They are used for login, some user preferences and Google Analytics.

SUSdattebayo | Jan 16 2007, 07:24 PM
Then how about those of higher rank, such as staff and admins? Or does that mean No One Human would have access to cookies?

wKkaY | Jan 16 2007, 07:31 PM | misutā supākoru
nexus-, se7en, and I have access to the webserver and we can view it if we really wanted to. Any party that controls the path between you and the webserver can view it too, if they really wanted to.
Except for these extraordinary cases, only the forum software, Google Analytics, and possibly the JavaScript ads will be mucking around with your cookies.

SUSMike3300 | Jan 16 2007, 10:09 PM
I don't know why, but with Firefox and viewing forum.lowyat.net, my system will lag for a moment and the page is showing "static.lowyat.net".
It is so irritating, and how do I fix it? Is something wrong with the site?

wKkaY | Jan 16 2007, 10:27 PM | misutā supākoru
static.lowyat.net should be fast. It's likely to be the ads, some of which are sourced from external servers.

deric88 | Jan 16 2007, 10:55 PM
Cookies, I think, can be viewed..... The password is not inside, right? The password, if I'm not mistaken, nobody, maybe except the IPB developers, can view; it's encrypted so that even the admin cannot view it, I think.

wKkaY | Jan 17 2007, 06:25 AM | misutā supākoru
The cookie stores a hashed version of the password. Erm, but it's not as if we need it anyway if we wanted to look into your personal stuff. We're not a bank with multiple layers of authorization and auditing - we're just a simple forum. This is something you have to come to grips with, with most smaller websites. You can either put faith in the admins' professionalism, or you could be.. PARANOID.
And although that password cookie is hashed, when you log in it's sent in the clear. It's trivial to capture the password at that login point, simply by saving the user/password fields of the form. It's also trivial for a third party to perform a replay attack with your cookie if he manages to get hold of it.

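An added example, not part of the original thread and not the forum software's own code: it contrasts the login cookie described in the post above (member id plus a hashed password, which is accepted for as long as the password stays the same) with a random server-side session token that expires and can be revoked, which bounds how long a captured cookie can be replayed. The hash function, the names pass_hash and session_id, the sample account and the 30-minute lifetime are assumptions.

```python
import hashlib
import secrets
import time

# Constructed sample account (illustrative values, not from the forum).
USERS = {"1001": hashlib.sha256(b"correct horse").hexdigest()}

def check_static_cookie(member_id, pass_hash):
    """Thread's scheme: the cookie carries member id + password hash.
    The value is fixed, so a captured copy is accepted until the password changes."""
    stored = USERS.get(member_id)
    return stored is not None and secrets.compare_digest(stored, pass_hash)

class SessionStore:
    """Alternative: the cookie carries a random token the server can expire or revoke."""

    def __init__(self, ttl_seconds=1800):  # 30 minutes, an assumed lifetime
        self.ttl = ttl_seconds
        self._sessions = {}  # sha256(token) -> (member_id, expires_at)

    @staticmethod
    def _key(token):
        # Store only a digest so a leaked session table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, member_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = (member_id, now + self.ttl)
        return token

    def validate(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(self._key(token))
        if entry is None or now >= entry[1]:
            self._sessions.pop(self._key(token), None)  # drop expired entries
            return None
        return entry[0]

    def logout(self, token):
        self._sessions.pop(self._key(token), None)

def set_cookie_header(token):
    # Secure: sent only over HTTPS, so it is not readable on the network path.
    # HttpOnly: hidden from document.cookie, so page scripts cannot read it.
    return f"session_id={token}; Path=/; Secure; HttpOnly; SameSite=Lax"
```

The Secure attribute only keeps the cookie off the wire when the site is served over HTTPS; it does nothing for a login form that is submitted in the clear.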
kanojo | Jan 19 2007, 03:10 PM | New Member
Is it used to check whether an ID is a multiple of another existing ID?

wKkaY | Jan 19 2007, 03:18 PM | misutā supākoru
Yups, it's one of the instruments used.

tan_pang | Jan 19 2007, 03:37 PM
So, it means the password can be seen if the admin wants to?? How about the PM??

wKkaY | Jan 19 2007, 03:42 PM | misutā supākoru
Your question has been answered in post #8.

sHawTY | Jan 19 2007, 05:20 PM
QUOTE(wKkaY @ Jan 16 2007, 07:31 PM)
nexus-, se7en, and I have access to the webserver and we can view it if we really wanted to. Any party that controls the path between you and the webserver can view it too, if they really wanted to.
(end of quote)
What about RBR? He's one of the admin too, no? Sorry, just passing by only, and see this as an interesting topic...

[W]HIT3_@NG3L | Jan 20 2007, 02:19 PM
QUOTE(sHawTY @ Jan 19 2007, 05:20 PM)
What about RBR? He's one of the admin too, no? Sorry, just passing by only, and see this as an interesting topic...
(end of quote)
RBR is also one of the forum admins. I guess wKkaY forgot about him; he's going to be mad.

wKkaY | Jan 20 2007, 03:44 PM | misutā supākoru
RBR's a forum admin too but he handles the general administrative stuff. His expertise lies not in coding or server administration, but elsewhere. So, RBR no touchy touchy the web and DB servers, or we'll spanky spanky him.

silverhawk | Jan 20 2007, 11:14 PM | Eyes on Target
The people who can access the web server can easily read any of the data you send/receive. That includes your passwords, private messages, browsing habits etc. The thing is, the admins normally have better things to do than to sniff through your private information. Nothing you use on the internet is ever truly private unless you own the entire infrastructure. Streamyx, Hotmail, Gmail, Google etc. have loads of data on you too. So those of you who are paranoid, you might want to stop using the internet.