[wp-trac] [WordPress Trac] #13791: Prevent comment author impersonation

WordPress Trac wp-trac at lists.automattic.com
Thu Jun 10 20:46:36 UTC 2010


#13791: Prevent comment author impersonation
-------------------------+--------------------------------------------------
 Reporter:  mdawaffe     |       Owner:           
     Type:  enhancement  |      Status:  new      
 Priority:  normal       |   Milestone:  3.1      
Component:  Comments     |     Version:  2.9.2    
 Severity:  normal       |    Keywords:  has-patch
-------------------------+--------------------------------------------------

Comment(by mdawaffe):

 Replying to [comment:4 filosofo]:
 > This is really going to annoy people who don't care whether they're
 > logged in or not, but just want to comment on posts.
 >  * Someone who logs in to make posts, but then replies spontaneously
 >    (say using mobile) without logging in--only to lose her comment to a
 >    cryptic movie reference ('Howdy, Mr. Abagnale.').
 >  * Someone who once created an account long ago for some reason, but now
 >    returns to make a comment only to lose it upon submission.

 I consider this a Proof of Concept, not a final implementation.  A better
 UX would be to offer a pre-filled comment form (or redirect back to the
 referrer with the form prefilled), and offer the chance to change the
 email address or log in.


 > Perhaps more importantly, this approach fails at its ostensible purpose,
 > which is to assure readers that a given commenter is who it says it is:
 >  * If a site requires login for commenting, then this isn't a problem
 >    currently.

 Yes it is.  There is a CSRF vulnerability here.

 >  * If a site does not require login for commenting, then readers can
 >    have no certainty that a given comment hasn't been spoofed, because they
 >    likely do not know whether the actual commenter is a registered user.  For
 >    most sites they don't even have ''probable'' confidence, because the vast
 >    majority of comments will have been made by those not logged in, which
 >    implies that only a minority can possibly be helped by anti-spoofing.

 It'd be easy to add some style to the comment by a registered user.


 > Consider the fact that spoofed comments are a slim minority of comments,
 > and what this approach amounts to is many legitimate users being irritated
 > with only slight confidence that the bad guys are being thwarted.  Like
 > airport security procedures? :)

 See above UX considerations.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/13791#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
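The two points raised in the reply above, the impersonation check with a friendlier failure path and the CSRF exposure of logged-in comment submissions, as an added plugin-style illustration. This is not the patch attached to ticket #13791 and not WordPress core code; the `caig_` function names and the `_caig_nonce` field are hypothetical, and the nonce hook assumes a theme that renders its form with `comment_form()` (WordPress 3.0 and later). All other functions and hooks used (`preprocess_comment`, `email_exists()`, `wp_get_referer()`, `set_transient()`, `wp_nonce_field()`, `wp_verify_nonce()`) are standard WordPress API.

```php
<?php
/*
Plugin Name: Comment author impersonation guard (illustration only)
Description: Added example for Trac #13791; not the ticket's patch.
*/

// Part 1: an anonymous comment may not use the e-mail of a registered user.
// Rather than dying with a cryptic message, park the comment text for a few
// minutes and send the visitor back to the post with a flag the theme can use
// to pre-fill the form and offer a "log in or change e-mail" choice.
function caig_check_comment_author( $commentdata ) {
    // A logged-in commenter is identified by the session cookie, not by a typed
    // e-mail address, so the check only applies to anonymous submissions.
    if ( is_user_logged_in() ) {
        return $commentdata;
    }

    $email = isset( $commentdata['comment_author_email'] )
        ? trim( $commentdata['comment_author_email'] ) : '';

    // email_exists() returns the user ID (truthy) when an account owns the address.
    if ( $email !== '' && email_exists( $email ) ) {
        // Hypothetical token used to hand the unsaved comment back to the form.
        $token = wp_generate_password( 16, false );
        set_transient( 'caig_' . $token, array(
            'comment_content' => $commentdata['comment_content'],
            'comment_author'  => $commentdata['comment_author'],
        ), 10 * MINUTE_IN_SECONDS );

        $back = wp_get_referer();
        if ( ! $back ) {
            $back = get_permalink( $commentdata['comment_post_ID'] );
        }
        $back = add_query_arg( array(
            'comment_error' => 'registered_email',
            'caig_token'    => $token,
        ), $back );
        wp_safe_redirect( $back );
        exit;
    }
    return $commentdata;
}
add_filter( 'preprocess_comment', 'caig_check_comment_author' );

// Theme helper: fetch the parked comment so the form can be pre-filled.
// Returns an empty array when there is nothing to restore.
function caig_prefill() {
    if ( empty( $_GET['caig_token'] ) ) {
        return array();
    }
    $token = preg_replace( '/[^A-Za-z0-9]/', '', $_GET['caig_token'] );
    $saved = get_transient( 'caig_' . $token );
    return is_array( $saved ) ? $saved : array();
}

// Part 2: a logged-in user's comment form carries no anti-CSRF token, so a
// form on another site can submit a comment under that user's name.
// Require a nonce on submissions made while logged in.
function caig_nonce_field() {
    wp_nonce_field( 'caig_post_comment', '_caig_nonce' );
}
add_action( 'comment_form_logged_in_after', 'caig_nonce_field' );

function caig_verify_nonce( $commentdata ) {
    if ( is_user_logged_in() ) {
        $nonce = isset( $_POST['_caig_nonce'] ) ? $_POST['_caig_nonce'] : '';
        if ( ! wp_verify_nonce( $nonce, 'caig_post_comment' ) ) {
            wp_die( 'Comment rejected: missing or expired security token. '
                  . 'Please go back and submit the form again.' );
        }
    }
    return $commentdata;
}
// Priority 5 so the CSRF check runs before the impersonation check.
add_filter( 'preprocess_comment', 'caig_verify_nonce', 5 );
```

The redirect path is what the reply calls the better UX: the commenter loses nothing but the e-mail field, and a theme can read `caig_prefill()` and `$_GET['comment_error']` to re-populate the form and show a login link. The nonce check covers the separate point that a site requiring login is still exposed, because the session cookie alone authenticates the POST; the token ties the submission to a form the user actually loaded.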

