[wp-hackers] "commenter" user role
Aaron Jorbin
aaron at jorb.in
Fri Mar 5 22:53:50 UTC 2010
I disagree with you on both regards.
1: A number of the security holes over the history of wordpress are
user escalation issues. By registering everyone who ever leaves a
comment, you are opening up a number of sites to these. While keeping
an up to date installation is obviously the best route, restricting
registration is not a bad policy. Would you allow anyone to walk up
to your home computer and create an account?
2. This would be a pretty big change. Up until now you had to
explicitly allow open registration. What you're proposing is removing
that option from site admins. I don't think the core should remove or
restrict options.
3. I'm not convinced that this improves the database structure. It
has the potential to vastly grow the user and user_meta fields. Also,
how do you intend to handle the issue of sites that already have
thousands of comments? I for one wouldn't appreciate waking up to the
day after 3.1 (or whenever this got implemented) is released to an
e-mail from every site that I've commented on with a user account.
-Aaron
http://aaron.jorb.in
twitter: twitter.com/aaronjorbin
On Fri, Mar 5, 2010 at 2:39 PM, scribu <scribu at gmail.com> wrote:
> On Sat, Mar 6, 2010 at 12:23 AM, Otto <otto at ottodestruct.com> wrote:
>
>> As long as this has a master off-switch, because there's no way I'd
>> ever implement such a thing on my sites.
>>
>> My users table contains one user: me. It will never contain another.
>>
>
> There's a word for that: irrational fear.
>
>
> On Sat, Mar 6, 2010 at 12:26 AM, Aaron Jorbin <aaron at jorb.in> wrote:
>
>> I'm with Otto on this one. I think this would be a much better plugin
>> then core material.
>>
>
> It's very much core material, since it improves the database structure.
>
> However, I do plan to take a stab at it in a plugin, first.
>
>
> --
> http://scribu.net
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list