[wp-hackers] "commenter" user role

Otto otto at ottodestruct.com
Sat Mar 6 16:59:22 UTC 2010

On Sat, Mar 6, 2010 at 10:15 AM, scribu <scribu at gmail.com> wrote:
> What this implies is that all sites that have user registration open are
> insecure.

I prefer to think of it as "less secure". Security isn't a binary state.

>>  * It complicates the ability to support Anonymous commenters.
> Please explain.

Anonymous commenters, as in "no name or email". An anon comment. This
is supported by WordPress, even if most people require the name and
email fields to be filled in.

Essentially by linking to the user table you're either wanting to a)
not let comment authors be anonymous or b) wanting to pollute the
users table with a bunch of fake unverified informations.

>  * It opens the door to "dirty" the users table with tons of useless rows. I
>> had open registration on one of my sites for a while, in order to support a
>> plugin for a third-party login system, and in no time, I had tons of bogus
>> user registrations. Quite annoying.
> We could automatically remove commenters when they have no more comments on
> the site. Problem solved.

No, that doesn't really solve the problem of tons of crap in the users table.

> Just to clarify: open user registration would *not* be required for the
> "commenter" role proposal to function.

Yes, it should be linked to that option, because by making users,
you're implicitly giving the ability to log in to them. If somebody
can create an entry in the users table, then they have registered on
the site. That's what registration *is*.


More information about the wp-hackers mailing list