[wp-hackers] "commenter" user role
mikeschinkel at newclarity.net
Sat Mar 6 03:36:08 UTC 2010
On Mar 5, 2010, at 9:52 PM, Hikari wrote:
> Better not force visitors to login to comment...
I'm pretty sure nobody on this thread was suggesting that visitors be forced to login to comment. I know I've been thinking that a comment would just be recorded as a comment as it always has been.
But it could really open up lots of useful functionality such as allowing people to mark comments using their email as not their comments.
> but sites that most commentators add only 1 comment and never come back, even to read the answer (I have some of those in my sites
> and I hate it!), and a bunch visitors that add 2 or 3 comments only, it would just flood wp-users with useless data that hackers and
> spam comments could use to hijack the site
With better tools to enable and encourage comments (which this could be the base of), there might be fewer one time commenters...
> I'd really not feel confortable having commentators sharing the same user table I use, with a little database query being enough to
> let they do anything they want
How does a record in a database make a site less secure? It's only less secure if the site enables them to login using that database record which by default should be disabled, right?
> ATM my wp-comments have 561KB with 491 comments, wp-posts have 9MB with 281 posts, and wp-users have 4KB with me
> if 150 of those comments would generate 4KB in wp-users, it would be 150 users that I can't delete and that will never come back,
> bloating it with 600KB, exactally the size of wp-comments today
> how much would wp-comments shrink with the change? 80KB?
Is 600KB really a concern? Does your web host charge for disk space by KB? 600KB is many orders of magnitude less than a low end machine running MySQL can handle.
On Mar 5, 2010, at 10:22 PM, William Canino wrote:
> Before anything else, the English word is "commentator". "Commenter"
> is not a word. :)
Uh, ya sure?
Or did I miss the <sic>? :)
> I think all you mean is adding an extra functionality to the existing
> "Only registered users may comment" feature. In other words, you want
> to combine registration and commenting in one step, in one html form.
Not exactly, at least not me. For it's all commenters who get stored in the wp_users table.
> Guys, let's not fret about the security implications here. Any
> blogger who wants this is already using the "Only registered users
> may comment" feature.
> No, this should produce an error, e.g., "email already exists. please
> login instead". If the commentator wants to change his name, he can
> visit his Edit Profile screen. As of today, as you know, this doesn't
> change the name displayed in all his past comments.
Grandma Bettie won't like that... ;-)
 A major client of mine and a fortune 100 company demanded we require all people to create an account *before* they could comment *and* their goal of the site was to drive social engagement, LOL! Let me tell you how frustrating *that* was! :-)
More information about the wp-hackers