[wp-trac] [WordPress Trac] #13791: Prevent comment author impersonation
WordPress Trac
wp-trac at lists.automattic.com
Thu Jun 10 03:03:16 UTC 2010
#13791: Prevent comment author impersonation
-------------------------+--------------------------------------------------
 Reporter:  mdawaffe     |      Owner:
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  3.1
Component:  Comments     |    Version:  2.9.2
 Severity:  normal       |   Keywords:  has-patch
-------------------------+--------------------------------------------------
Comment(by filosofo):
> Impersonation of registered users by logged out users is caught by the
> attached.
This is really going to annoy people who don't care whether they're logged
in or not, but just want to comment on posts.
* Someone who logs in to make posts, but then replies spontaneously (say
using mobile) without logging in--only to lose her comment to a cryptic
movie reference ('Howdy, Mr. Abagnale.').
* Someone who once created an account long ago for some reason, but now
returns to make a comment only to lose it upon submission.
Perhaps more importantly, this approach fails at its ostensible purpose,
which is to assure readers that a given commenter is who it says it is:
* If a site requires login for commenting, then this isn't a problem
currently.
* If a site does not require login for commenting, then readers can have
no certainty that a given comment hasn't been spoofed, because they likely
do not know whether the actual commenter is a registered user. For most
sites they don't even have ''probable'' confidence, because the vast
majority of comments will have been made by those not logged in, which
implies that only a minority can possibly be helped by anti-spoofing.
Consider the fact that spoofed comments are a slim minority of comments,
and what this approach amounts to is many legitimate users being irritated
with only slight confidence that the bad guys are being thwarted. Like
airport security procedures? :)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13791#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software