[wp-trac] [WordPress Trac] #13791: Prevent comment author impersonation

WordPress Trac wp-trac at lists.automattic.com
Thu Jun 10 03:03:16 UTC 2010


#13791: Prevent comment author impersonation
-------------------------+--------------------------------------------------
 Reporter:  mdawaffe     |       Owner:           
     Type:  enhancement  |      Status:  new      
 Priority:  normal       |   Milestone:  3.1      
Component:  Comments     |     Version:  2.9.2    
 Severity:  normal       |    Keywords:  has-patch
-------------------------+--------------------------------------------------

Comment(by filosofo):

 > Impersonation of registered users by logged out users is caught by the
 > attached.

 This is really going to annoy people who don't care whether they're logged
 in or not, but just want to comment on posts.
  * Someone who logs in to make posts, but then replies spontaneously (say
 using mobile) without logging in--only to lose her comment to a cryptic
 movie reference ('Howdy, Mr. Abagnale.').
  * Someone who once created an account long ago for some reason, but now
 returns to make a comment only to lose it upon submission.

 Perhaps more importantly, this approach fails at its ostensible purpose,
 which is to assure readers that a given commenter is who it says it is:
  * If a site requires login for commenting, then this isn't a problem
 currently.
  * If a site does not require login for commenting, then readers can have
 no certainty that a given comment hasn't been spoofed, because they likely
 do not know whether the actual commenter is a registered user.  For most
 sites they don't even have ''probable'' confidence, because the vast
 majority of comments will have been made by those not logged in, which
 implies that only a minority can possibly be helped by anti-spoofing.

 Consider the fact that spoofed comments are a slim minority of comments,
 and what this approach amounts to is many legitimate users being irritated
 with only slight confidence that the bad guys are being thwarted.  Like
 airport security procedures? :)

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/13791#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

