[wp-hackers] "commenter" user role
scribu
scribu at gmail.com
Sat Mar 6 16:15:59 UTC 2010
On Sat, Mar 6, 2010 at 5:56 PM, Dougal Campbell <dougal at gunters.org> wrote:
> * It's a security concern: by keeping commenters out of the regular users
> table, you eliminate a class of security violations: unauthorized privilege
> escalation. If the commenter doesn't have any "real" user credentials, there
> are whole swathes of the core code paths that become inaccessible. An
> example of a privilege escalation can be as simple as the recent buglet that
> allowed unauthorized registered users to peek into the Trash. But it
> obviously, there *could* be more serious implications, if somebody forgets
> to put a capability check into place somewhere else.
>
What this implies is that all sites that have user registration open are
insecure.
> * It complicates the ability to support Anonymous commenters.
>
Please explain.
* It opens the door to "dirty" the users table with tons of useless rows. I
> had open registration on one of my sites for a while, in order to support a
> plugin for a third-party login system, and in no time, I had tons of bogus
> user registrations. Quite annoying.
>
We could automatically remove commenters when they have no more comments on
the site. Problem solved.
Just to clarify: open user registration would *not* be required for the
"commenter" role proposal to function.
--
http://scribu.net
More information about the wp-hackers
mailing list