[wp-hackers] "commenter" user role

Stephen Rider wp-hackers at striderweb.com
Sun Mar 7 19:34:15 UTC 2010


Okay, responding to a whole lot of people here....

Starting off, just for perspective -- I'm all for making Comments into a Post type, if it makes sense to do so.  We've essentially established that "Post" really means "Content", and comments are certainly a type of content.

However, I don't support making all commenters into Users.  That point is the main focus of the rest of this email.

On Mar 5, 2010, at 9:22 PM, William Canino wrote:

> Guys, let's not fret about the security implications here.  Any
> blogger who wants this is already using the  "Only registered users
> may comment" feature.

Actually, I think you have it exactly backwards. The "Only registered users may comment" feature is primarily for things like spam control, or specific use cases where the site wants more involved interaction with readers.

The more security conscious admin right now (generally speaking) does *not* let outsiders register at all -- unless they have specific reason to allow it.

The main security concern regarding making all commenters into users is that being a user -- of any type -- is a point of access to the system and a significant step toward hacking the site.  Several times in the past a vulnerability in WP has come up related to Subscribers being able to elevate their own privileges.


On Mar 6, 2010, at 8:14 PM, scribu wrote:

> Hikari, please stop writing non-sequiturs emotional arguments and regarding
> security. Thanks.

On Mar 5, 2010, at 11:55 PM, Mike Schinkel wrote:

> Other than superstition I haven't heard a reason from you why having commenters in wp_users is bad.

...and these kinds of comments do absolutely *nothing* to forward the discussion.  I agree with you two guys much of the time, but please can the attitude.  It's not superstition and it's not some emotional flight of fancy.  When the user elevation bugs cropped up in the past, I'm pretty sure they only applied to sites that actually *allowed* users to register.

That's not superstition, that's historical fact.  Had all commenters been Users at the time, those vulnerabilities would have applied to any blog with comments.  It's a legitimate concern.

On Mar 6, 2010, at 7:20 AM, John O'Nolan wrote:

>> Let's say I ran a company in the past and left a lot of comments using my gmail address but with my prior company's URL.  Now I've sold that company and started a new one; should the links on the old posts all change to be for my new URL?
> 
> This is completely irrelevant. In this case you would be abusing the Wordpress comment form, and if the wrong company name showed up at some point then that's your own fault.


Not necessarily spam related.  I remember a case where I was on a blog on which I commented frequently.  Along came a post on an unusual, and very serious topic.  I commented on it, but for various reasons I won't go into, chose to use a pseudonym rather than my usual "commenter name".  To be clear -- it was the type of discussion in which for many commenters the topic was such that identifying themselves could be very problematic.  Yet it was a useful topic -- it literally might have saved lives.

Don't presume that the only reason a commenter might want to identify themselves differently is for spam purposes.

On Mar 6, 2010, at 10:15 AM, scribu wrote:

> What this implies is that all sites that have user registration open are
> insecure.

Less secure, yes.


On Mar 6, 2010, at 10:59 AM, Otto wrote:

> by making users,
> you're implicitly giving the ability to log in to them. If somebody
> can create an entry in the users table, then they have registered on
> the site. That's what registration *is*.

Agreed.

On Mar 6, 2010, at 12:00 PM, Jeff Waugh wrote:

> <quote who="scribu">
> 
>> I never liked the duplication that occurs: when a logged-in user leaves a
>> comment: his email, for example, is stored both in the wp_users table, and
>> the once more for each comment.
> 
> One advantage to this denormalisation (if we're being anal retentive about
> it)... historical accuracy.
> 
> An odd example from the opposite direction: I wrote a quick hack for one of
> my sites which duplicates the user's bio into a custom field on each post
> they publish, such that if they change their bio in the future, it will not
> change on their historical posts. It was important because the context of
> the bio and article were linked -- conflict of interest disclosures and the
> like.

This is ***HUGE*** for me.  I no more want old comments to change than I would want the code to go back and change historic posts.

Also, at times I do what Jeff describes.  For example, if somebody posts about one of my WP plugins, I might comment, and in the "name" field say "Stephen R (author of the ___ plugin)".  Identifying myself as such is only pertinent to that particular post.

Also -- What if my young cousin Jimmy comments on my personal blog?  Five or six years down the road he grows up a bit (it happens) and now goes by "James".  Great -- but I don't want all the old "Jimmy" comments changed to James -- that's not what he went by when he wrote that comment.

There are a lot of cases where changing a commenter out of context might in ways change the meaning of the comment.  Context is important.

Also in terms of historical fidelity:  Has anyone addressed the already-asked question of what happens if a user is deleted?  Are all the posts deleted too?

On Mar 6, 2010, at 4:02 PM, Hikari wrote:

> Some of those [proposed features] would require a profile page to be worthy, and others would require commentator filling a form. THAT's user-like 
> stuff, that justify wp-users. And user registration and login, at least so that they can update their data.
> 
> If I'd want those features, I'd open public registration. When I don't want them, I'd want commentators out of wp-users!
> 
> To fit all needs, how about leaving wp-comments alone, using current user registration features, and attach new features to it?


Again, I'm all cool with making comments into a Post type, but do please leave commenters out of wp-users.  But otherwise he's right.  If I'm going to have things like commenter profile pages, I'm going to make them register -- otherwise those will be pretty slim profiles.

Heck, couldn't somebody write a plugin that "auto registers" commenters if that's what they want for their blog?


On Mar 6, 2010, at 5:38 PM, Mike Schinkel wrote:

> I was proposing to consider using wp_posts with a post_type of 'user' instead of wp_users. In the case where we keep wp_users and also created a record of wp_posts with a post_type of 'user', they are parallel.  It seems a binary option; how is it not?

I hope I'm misunderstanding you, because this makes absolutely no sense.  Whether a commenter is a User is one discussion, but are you really suggesting that we define people as a type of POST???

That sounds like a very bad, not to mention arbitrary and confusing, idea.  As somebody else commented, this sounds a lot like the Drupal "everything is a node" paradigm.  Can't say I'm a fan.

Think of the web site rule of separation: "HTML for structure, CSS for appearance, JavaScript for behavior".  Different structures for different purposes.  The Posts table is for site content.  Users table for users.  Options table for Options, and so on.

Philosophically speaking, I actually like the idea of commenters being "Users".  My opposition to it is pragmatic.  People -- actual people -- are a unique element in a site, because they have minds and motives.  The text of a post is never going to spontaneously decide it wants to hack my site.  A person might, and thus people have to be treated a bit differently.  Personally I prefer my commenters to be "non-entities" as far as the code is concerned.  I value their input, but they don't exist in terms of code, or what Users can and can't do in the system.

Sincerely,
Stephen

-- 
Stephen Rider
http://striderweb.com/
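The "historical fidelity" point above (Jeff's bio-snapshot hack and Stephen's reasons for not letting later profile edits rewrite old content), as an added example that is not code from anyone in this thread: a small WordPress plugin that copies the author's bio into post meta the moment a post is first published and then serves that frozen copy instead of the live profile field. The hook and API names are WordPress's own; the plugin name, meta key and function names are assumptions for this example.

```php
<?php
/**
 * Plugin Name: Author Bio Snapshot (illustrative example)
 * Description: Freezes the author's bio at publish time so a later profile
 *              edit does not change what readers saw next to older posts.
 */

// Meta key is an assumption for this example; any underscored (private) key works.
const ABS_META_KEY = '_author_bio_snapshot';

/**
 * Runs on every status change; acts only on the transition INTO "publish".
 * The snapshot is written once and never overwritten by later edits.
 */
function abs_snapshot_author_bio( $new_status, $old_status, $post ) {
    if ( 'publish' !== $new_status || 'publish' === $old_status ) {
        return; // not a first publish
    }
    if ( 'post' !== $post->post_type || wp_is_post_revision( $post->ID ) ) {
        return; // only real posts, not revisions or other post types
    }
    if ( '' !== get_post_meta( $post->ID, ABS_META_KEY, true ) ) {
        return; // a snapshot already exists; keep the original
    }
    $bio = get_the_author_meta( 'description', $post->post_author );
    // Keep only the markup a bio is allowed to carry before storing it.
    update_post_meta( $post->ID, ABS_META_KEY, wp_kses_post( $bio ) );
}
add_action( 'transition_post_status', 'abs_snapshot_author_bio', 10, 3 );

/**
 * Theme helper: the frozen bio for a post, falling back to the live profile
 * description for posts published before this plugin was active.
 */
function abs_get_author_bio( $post_id ) {
    $snapshot = get_post_meta( $post_id, ABS_META_KEY, true );
    if ( '' !== $snapshot ) {
        return $snapshot;
    }
    $post = get_post( $post_id );
    return $post ? get_the_author_meta( 'description', $post->post_author ) : '';
}
```

A theme would call `abs_get_author_bio( get_the_ID() )` in place of `get_the_author_meta( 'description' )` and escape the result on output as it would any stored content.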
