[wp-hackers] "commenter" user role

Mike Schinkel mikeschinkel at newclarity.net
Sat Mar 6 03:36:08 UTC 2010


On Mar 5, 2010, at 9:52 PM, Hikari wrote:
> Better not force visitors to log in to comment...

I'm pretty sure nobody on this thread was suggesting that visitors be forced to log in to comment[1].  I know I've been thinking that a comment would just be recorded as a comment as it always has been.

But it could really open up lots of useful functionality such as allowing people to mark comments using their email as not their comments.

> but sites that most commentators add only 1 comment and never come back, even to read the answer (I have some of those in my sites
> and I hate it!), and a bunch of visitors that add 2 or 3 comments only, it would just flood wp-users with useless data that hackers and
> spam comments could use to hijack the site

With better tools to enable and encourage comments (which this could be the base of), there might be fewer one time commenters...

> I'd really not feel comfortable having commentators sharing the same user table I use, with a little database query being enough to
> let them do anything they want

How does a record in a database make a site less secure?  It's only less secure if the site enables them to log in using that database record, which by default should be disabled, right?

> ATM my wp-comments have 561KB with 491 comments, wp-posts have 9MB with 281 posts, and wp-users have 4KB with me
> 
> if 150 of those comments would generate 4KB in wp-users, it would be 150 users that I can't delete and that will never come back,
> bloating it with 600KB, exactly the size of wp-comments today
> 
> how much would wp-comments shrink with the change? 80KB?

Is 600KB really a concern? Does your web host charge for disk space by KB?   600KB is many orders of magnitude less than a low end machine running MySQL can handle.

On Mar 5, 2010, at 10:22 PM, William Canino wrote:
> Before anything else, the English word is "commentator".  "Commenter"
> is not a word. :)

Uh, ya sure?

http://dictionary.reference.com/browse/commenter
http://dictionary.reference.com/browse/commentator

Or did I miss the <sic>? :)

> I think all you mean is adding an extra functionality to the existing
> "Only registered users may comment" feature.  In other words, you want
> to combine registration and commenting in one step, in one html form.

Not exactly, at least not me.  For it's all commenters who get stored in the wp_users table.

> Guys, let's not fret about the security implications here.  Any
> blogger who wants this is already using the  "Only registered users
> may comment" feature.

Ditto.

> No, this should produce an error, e.g., "email already exists. please
> login instead".  If the commentator wants to change his name, he can
> visit his Edit Profile screen.  As of today, as you know, this doesn't
> change the name displayed in all his past comments.

Grandma Bettie won't like that... ;-)

-Mike

[1] A major client of mine and a Fortune 100 company demanded we require all people to create an account *before* they could comment *and* their goal of the site was to drive social engagement, LOL!  Let me tell you how frustrating *that* was! :-)


