[wp-trac] [WordPress Trac] #23179: New avatar related option - use gravatar only for registered users
WordPress Trac
noreply at wordpress.org
Fri Jan 11 15:41:00 UTC 2013
#23179: New avatar related option - use gravatar only for registered users
-----------------------------+-------------------------
Reporter: mark-k | Type: enhancement
Status: new | Priority: normal
Milestone: Awaiting Review | Component: Comments
Version: | Severity: normal
Keywords: |
-----------------------------+-------------------------
The use of gravater is problematic because there is no attempt to verify
that a comment with which an email was used was actually left by the owner
of the email (AFAICT gravatar doesn't even have an API for
authentication).
This makes impersonating to someone else that have a gravatar in a
wordpress site comments much too easy.
IMO non autogenerated gravatars should be displayed by default only for
users for which it is known that they actually own the email address,
which are usually only the registered users.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/23179>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list