[wp-hackers] "commenter" user role

Hikari lists at hikarinet.info
Sat Mar 6 22:02:01 UTC 2010 

----- Original Message ----- 
From: "Mike Schinkel" <mikeschinkel at newclarity.net>
Sent: Saturday, 06 March, 2010 2:55 AM



| Have you been reading my replies, or just skimming them?  I (and
| others) have said that storing commenters in the wp_users table with
| a role of "commenter" would not require registration or login in order
| for someone to comment. The user experience would be (almost)
| identical to what it is now.

Some said that, but some said other ideas too.

My concern is regarding a wp-users row, which needs just a role change to become admin. Without a password it may become more secure 
or less secure depending on how it's implemented, but I'd really not like wp-users rows being created as a result of a comment. Not 
worthy the security risk.



| > just create a plugin for it
|
|
| Sure, but then you don't get said pages nicely themed with the off-the-shelf themes most people are using these days.

just hook a filter to comment_author_link and no theme will need to be changed

also don't expect theme authors, with all the love they receive, to be happy if core requires them to change their outdated themes 
to support this feature :p


| You are not listening...  I have not suggested that anyone be required to register in order to be able to comment (that'd be 
foolish, in most cases.)

I've just read somebody saying that this feature is only for people that is already forcing registration to allow commenting, and 
somebody else agreed o.O

But I also read in the begining of the talk that the objective was to reduce database size on avoiding duplicates in wp-comments, 
which turned back to duplicates using metadata to store multiple different data for the same person, and I pointed out that moving 
commentators data to wp-users on a site with a lot of commentators that make only 1 comment would increase database size indeed, and 
this size is insignificant anyway :p



| > That's a great idea and I'd love it. But would you use wp-posts JOIN wp-postmeta for login, rules, permissions and security 
matters?
|
| Maybe; that would be up for discussion.  I was just proposing it for the idea and if adopted the community would figure it out.

"2 posts are logged in ATM, they are on themselves posts", that would be funny to read :D


| > I'd rather hook an action upon user creation, which would automatically create a custom typed post, and design a profile page 
where
| > he'd fill his profile, which would be stored in his post's metadata, and have the "post" filled automatically.
|
| The downside there is you have to maintain parallel synchronized records.  Not a huge issue, but they can get out of sync when 
exporting or in other edge cases. But when you look at it there really isn't a need for a separate user table, a user is just 
another type of content.

No parallel records. Everything wp-users and user metadata stores will remain there, and postmeta will store everything else :)


| This debate is circular.  Yes, any of those things can be done.  But why
| have the extra tables when the core wp_posts table works so well for it
| and adds all the features that is adds?

well, for commentators, wp-posts is definetely better than wp-users

but I'd still prefere a wp-commentators table, I've already disabled revisions and drafts to not just posts ID

a new table is not the end of the world, my site has 38, and if we considers the risks of having simple commentators lying on 
wp-users, a table to store them is the next logical idea


| BTW, I didn't say different emails, email would be the PK.

ok :)


| > | I bet if you can survey the top 25 high traffic blogs on WordPress
| > | that haven't already implemented similar custom user/commenter
| > | functionality most would prefer commenters be recorded as users
| > | because of the additional user engagement opportunities that would
| > | provide them.
| >
| > This need can be solved with a plugin with a new wp-commentators table, and linking each comment to its rows.
|
| What can be solved with a plugin?  I didn't specify anything other than to say that I believed (and we could survey) high traffic 
would not be concerned about adding "bulk" to the wp_users table and instead would prefer  the "freebie" benefits that would come 
with having all commenters in the wp_users table.  My guess is they wouldn't be concerned about growing there user table by the 
amounts that would be required. Yes I could be wrong hence if "bulk" is the reason not to we should ask the people it would affect 
the most if they care about said bulk.
|


Wait, if these high traffic sites are already letting users login, for sure they'll want commentators stored in wp-users. But if 
they aren't, they won't like it.

And high traffic sites can still be administrated by security noobs that will only want the feature working and only bother with 
hacking after their high traffic sites are not high traffic anymore.



I still don't get why commentators should be stored in wp-users at all. If it's just to store their data, a new table can solve it. 
If they won't be required to create account and deal with it, a new table can solve it. But if they will have an account, or if a 
new feature will handle with current users too, than just use wp-users and leave it in a plugin.

I know, many ppl have different needs regarding this subject and they diverge in their ideas too :p



| > Currently registered users? Add a field to wp-commentators that FK wp-users, or simply the plugin uses wp-users and gets the
| > responsibility for it.
|
| Adding a wp_commenters table would not be smart.  That reminds me of QuickBooks with separate Vendors and Customers which is truly 
a nightmare when your vendors are also your customers (which is exactly how a business I ran for 12 years operated.)  Having 
multiple tables for people is just a bad idea, period.  I have too much painful experience to ever want to go through that again 
without putting up a serious fight.


But we are not talking about e-commerce here...

Commentators are people, and use and interact with our site. But wp-users is too powerful, detailed and risky *if* all we need is 
take 3 fields out of wp-comments and add a FK field to it.

Only if new features are developed that require more user interaction than simply commenting, and that would require them to 
register, that wp-users would be worth it.

But some ppl wanna automatically add rows to wp-users without giving them passwords and letting them login. For this need, wp-users 
is not a good place to store commentators, because even though they are already people, their usage differ a lot from registered 
users.

Again, would you create a user account to every visitor of your site? They are people too, and a stat plugin could use it...



| > | With better tools to enable and encourage comments (which this could be the base of), there might be
| > | fewer one time commenters...

See? Which new features would these be?

Commenting is *not* something that justify using wp-users. "better tools to enable and encourage comments", that would require 
registration and login, could be.



| Then you are not doing a very good job of creating a loyal readership,
| you are just being SEO opportunistic, not a great long term strategy
| as content farms work to capture more and more SEO traffic (see
| http://www.readwriteweb.com/archives/content_farms_impact.php)

well I'm not specialist on this subject, and I myself only go back to 2 or 3 sites often. Most Wordpress sites are not forums, and 
most ppl don't read large texts.

As I said before, there are ppl like multiply.com users that create account for commenting and start blogging after it. I hardly 
would create account on an unknown site just for comment on it.


| Sorry but your current traffic pattern isn't a reason to limit use of best practices in the core.

I just mentioned an exemple I know. Will you say that most Wordpress users have high traffic and loyable commenters? I have a few 
BTW.

Note Wordpress is a CMS, not  a traffic saver. What keeps ppl coming is the content.


| > But don't take me wrong, I'd love a plugin with more features related to commentators. As long as I'm not forced to share my
| > wp-users with them :P
|
| Other than superstition I haven't heard a reason from you why having commenters in wp_users is bad.

With only active users having account, their password would need to be hacked to hack the site.

Could you copy here the 2.9.2 launching text?



| > I understand some sites wanna have users account and stuff, but some sites also don't.
|
| Commenters don't have to appear in the default user list in the admin, so why is it a problem?  We store things in a database 
where they make the most sense and then create a UI that makes the most sense; one does not have to drive the other.

hackers don't use normal UIs...



| By putting commenters in wp_users you get to use wp_usermeta to allow you to start storing information relevant to commenters, 
i.e. cached_avatar, last_comment_date, number_of_comments, twitter_screen_name, facebook_url, linkedin_url and whatever else some 
plugin wants to add about a commenter. The new authors template becomes usable for commenters.  And all plugins for users with a 
tiny bit of tweaking (or none at all) become usable with commenters too, i.e. "Bind user to category", "Users to CSV", "Extended 
User Profile", "User Theme", etc.


Now we have some features! :D

Some of those would require a profile page to be worthy, and others would require commentator filling a form. THAT's user-like 
stuff, that justify wp-users. And user registration and login, at least so that they can update their data.

If I'd want those features, I'd open public registration. When I don't want them, I'd want commentators out of wp-users!



To fit all needs, how about leaving wp-comments alone, using current user registration features, and attach new features to it?

When a user is interested on those features, he registers an account. When a comment is done by a user, a plugin filter ignores 
wp-comments fields and load data from wp-users/meta, and all new features are added as usermeta.


As I've pointed, wp-comments is not a size eater at all, and we already have comments attached to users. So all your basic needs are 
already there.

Only problem seems to be that commentators data is still being loaded from wp-comments, even for registered users. As I said a 
filter can solve that, with the advantage of being backward compatible for when visitors only wanna comment and don't wanna register 
account at all.

Remembering there is already a feature to force registration for commenting. In this case just leave those wp-comments fields 
obsolete and empty.

All this is pretty much plugin doable.



| Note that wp_commentmeta relates to a comment, not to a user so it isn't he equivalent of wp_usermeta.

for sure, I think we all agree on adding commentators to a specific table to fit your needs, we only disagree on which table to use 
:P

if commentators need registration and login => wp-users
if you only wanna store commentators data to a table => get out of my wp-users!!



| > Because wp-users is ... to store data from users that are *more than guests*,
| > that should be remembered when they come back, and that potencially can
| > have their account promoted to a bigger rule in the site.
|
| By whose decree?  The point is that AFAIK there isn't a defining requirement that the wp_users table be for "more than guests"; 
why should it be?  That's what you've believed it to be and that's what you prefer it to be (because it's been that way thus far?) 
but it doesn't have to stay that way.


I believe (:P) all site admins agree that rarely a commentator will get promoted to a bigger rule in the site, even for sites that 
let commentators register accounts.

I see accounts as users that do more stuff than simply visit the site and read its content and simply comment.

In the case a popular commentator wanting and being invited for a bigger rule, then he registers an account.


Yes yes it's possible and many sites let commentators register accounts, some even force it. I myself even like the idea of having 
to login to comment so that we can know each commentator is really him and not a fake.

But it's optional by the core. Admin can enable it to be forced, at the same time he can block account registration. I don't really 
think this vast optional behavior should be changed, narrowing admin power over his site.


I'd like to know when a coming back commentator is really him because he login, but I don't think the security risk is worth it.

Note I'm in no way saying u must agree with me or saying u shouldn't let or force commentators or visitors to register accounts 
(just remembered private posts that require login to be viewed...), or even automatically create new users upon comments. You can do 
it howerver u want.

I'm saying that forcing other ppl to do it won't work. And if ppl don't want more users in wp-users, they have the right to keep it 
clean. We're blessed this is possible now.


If you guys want new features that require wp-users, just develop a base plugin with the base features, and then develop other 
plugins that require it to work. Everybody will be happy.



| > What's the problem with that? 2.9.2 as I remember was released to fix a security
| > bug related to sites that let commentators have accounts...
|
| Good thing they fixed that bug then, problem solved. ;-)

good thing?...

do you remember a bug that made lots of WP sites be hacked, we had to verify in our wp-users (ops!) if there were new users created 
by the hacking, and verifying it was much easier for sites with few users (ops!!!)??


having an account in wp-users is a step behind of being admin and having full control of the site, all you need is a rule change, 
that among other methods can be done directly in mysql!

don't think hackers will be stopped just because those accounts don't have a password



| > Nice, if that's not a concern, leave wp-comments alone, with each comment storing
| > its commentator data, and with Wordpress dealing with cookies so that this data is
| > remembered when he comes back wanting to make another comment.
|
| I don't care about the space, I care about the newly enabled functionality.

ok, use wp-users then :)

make it a plugin, and take responsibility over the security :D



| > I thought the original need behind this idea was to shrink space from wp-comments
| > with not duplicating data from the same commentator :P
|
| But not my reason for supporting the idea.  Next...

so that comment wasn't meant to you -.-'



| > I hate multiply and blogging sites like that. I google something, am thrown to a post
| > on a blog on it, wanna comment, and they want me to register. And have a blog there
| > so I can comment! And the incredible thing is that there are ppl blogging there! Even more
| > interesting is that most of those bloggers, are old aunties, something like Betie we're talking :P
|
| On this we can agree today. :)

so make sure the plugin won't force ppl to register so they can "become a commenter" ;)



| > But... your client is paying you to do what he wants. Your job is to identify wrecking ideas
| > before they are implemented and warn your client about it. If he insists, it's his responsibility :P
|
| Actually, my client (Interactive Agency) was paying me to implement what their client (local Fortune 100) wanted. My opinion on 
that project never made it to the big client because my client only wanted to do what their client asked for, nothing more. OTOH, 
they paid me well, and the site doesn't have many commenters so, whatever.

ok, who asked you to do it and who you can contact is your client, even if the budjet doesn't come from him

your only concern should be that nobody blames you later for something you did knowing wouldn't work



----- Original Message ----- 
From: "Dougal Campbell" <dougal at gunters.org>
Sent: Saturday, 06 March, 2010 12:56 PM


|  * It's a security concern: by keeping commenters out of the regular
| users table, you eliminate a class of security violations: unauthorized
| privilege escalation. If the commenter doesn't have any "real" user
| credentials, there are whole swathes of the core code paths that become

This resumes everything I've said.

Don't be concerned with security put it in the core and later we'll have security updates becouse of your code and ppl will come 
blame WP devs for not worrying with security.

wp-users table is related with access permission, the best way to keep is secure is leave it clean and only give an account to ppl 
that really need one.

Yes, there are sites full of users, mines don't and I like it this way.

If somebody starts neglecting the risks and throwing all sort of features over wp-users, which includes all kind of "users" and 
codes that load and store data on that table, soon we'll have happy hackers exploiting it.


Anybody wanting to have a bunch of ppl registered so that features can be implemented, take some good time thinking if these 
features can be implemented without colliding with access, permission and security codes.

IMHO, it IS worthy duplicating some KBs and having 2 tables both dealing with users.

If I could choose, I'd even move current registered users that only exists for commenting to a separate table, and make wp-users 
even more restrict. Those sites that have open registration and only offer registered comments to these accounts would for sure 
become more secure. It it could be done, I'd probably open registration for commentators on my sites.



---------------------------
Hikari -  A Luz ilumina a PAZ
http://Hikari.ws
http://ConscienciaPlanetaria.com

Tenha seu próprio email meunome @ ConscienciaPlanetaria.com.br!: http://seunome.ConscienciaPlanetaria.com.br

More information about the wp-hackers mailing list