[wp-hackers] "commenter" user role

scribu scribu at gmail.com
Sat Mar 6 16:15:59 UTC 2010


On Sat, Mar 6, 2010 at 5:56 PM, Dougal Campbell <dougal at gunters.org> wrote:

>  * It's a security concern: by keeping commenters out of the regular users
> table, you eliminate a class of security violations: unauthorized privilege
> escalation. If the commenter doesn't have any "real" user credentials, there
> are whole swathes of the core code paths that become inaccessible. An
> example of a privilege escalation can be as simple as the recent buglet that
> allowed unauthorized registered users to peek into the Trash. But it
> obviously, there *could* be more serious implications, if somebody forgets
> to put a capability check into place somewhere else.
>

What this implies is that all sites that have user registration open are
insecure.



>  * It complicates the ability to support Anonymous commenters.
>

Please explain.


 * It opens the door to "dirty" the users table with tons of useless rows. I
> had open registration on one of my sites for a while, in order to support a
> plugin for a third-party login system, and in no time, I had tons of bogus
> user registrations. Quite annoying.
>

We could automatically remove commenters when they have no more comments on
the site. Problem solved.

Just to clarify: open user registration would *not* be required for the
"commenter" role proposal to function.


-- 
http://scribu.net


More information about the wp-hackers mailing list