[wp-hackers] "commenter" user role

Aaron Jorbin aaron at jorb.in
Fri Mar 5 22:53:50 UTC 2010

I disagree with you on both regards.

1:  A number of the security holes over the history of wordpress are
user escalation issues.  By registering everyone who ever leaves a
comment, you are opening up a number of sites to these.  While keeping
an up to date installation is obviously the best route,  restricting
registration is not a bad policy.  Would you allow anyone to walk up
to your home computer and create an account?

2.  This would be a pretty big change.  Up until now you had to
explicitly allow open registration.  What you're proposing is removing
that option from site admins.  I don't think the core should remove or
restrict options.

3.  I'm not convinced that this improves the database structure.  It
has the potential to vastly grow the user and user_meta fields.  Also,
how do you intend to handle the issue of sites that already have
thousands of comments?  I for one wouldn't appreciate waking up to the
day after 3.1 (or whenever this got implemented) is released to an
e-mail from every site that I've commented on with a user account.

twitter: twitter.com/aaronjorbin

On Fri, Mar 5, 2010 at 2:39 PM, scribu <scribu at gmail.com> wrote:
> On Sat, Mar 6, 2010 at 12:23 AM, Otto <otto at ottodestruct.com> wrote:
>> As long as this has a master off-switch, because there's no way I'd
>> ever implement such a thing on my sites.
>> My users table contains one user: me. It will never contain another.
> There's a word for that: irrational fear.
> On Sat, Mar 6, 2010 at 12:26 AM, Aaron Jorbin <aaron at jorb.in> wrote:
>> I'm with Otto on this one.  I think this would be a much better plugin
>> then core material.
> It's very much core material, since it improves the database structure.
> However, I do plan to take a stab at it in a plugin, first.
> --
> http://scribu.net
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list