| User | Post |
|
|
|
Two issues have arisen. The first is the case of a member who does NOT login and then makes a post. Currently that person is processed as a Guest. If they use the same username and email address to make this post it is possible for the system to detect that they should be logged in. This raises the question - what should the system do about it? Should it reject the post?
The second scenario is a Guest who makes a post using a members username. This is more difficult as they would also need to know the members email address but in theory it is perhaps possible if a meber was lax with their own security. Now we have no way of knowing if this is a member who didn’t bother to login - or a guest who has somehow ’stolen’ a members credentials. The same question applies….
What would people expect to happen?
As an extra wrinkle, the system can tell the current user (member or returning guest) by their cookie. except, of course, bt everyone alllows cookies!
|
|
|
7:26 pm
28 Oct 2007
|
-Radio-
Moderator
| | Florida - USA | |
|
| posts 482 |
|
|
in case 1) … I do not allow guest users to post … I get enough Akismet spam as it is…
in this instance my prefrence would be to save the information - display a log in form with access to registration - after completed login, post the data.
in case 2) … the same system would also apply, save the data but require a login to complete the post process.
if the user has been lax in their security, yes, someone else might be able to post under their name/login. but lets face it, we aren’t accepting applications for credit cards … it’s a BLOG with a FORUM… There is a method of deleting users who get abusive and-or stupid.
|
|
|
10:17 pm
28 Oct 2007
|
ovizii
Guest
| | | |
|
| |
|
|
well, I use the impostercide plugin, which does not allow posts with registered usernames/emails if not logged in. thats what I would prefer.
|
|
|
|
|
Of course - it should be noted that this ONLY applies for forum users who allow guests to post. As I do. Although I would suspect I am in the minority.
|
|
|
8:17 pm
31 Oct 2007
|
Mr Papa
Moderator
| | Arizona, USA | |
|
| posts 1270 |
|
|
no posts should be allowed by guests that match a registered members name or email address would seem the best solution to me…
|
|
|
|
|
That was the way my thinking was going. If I can detect that the current ‘guest’ is actually a user then force a login prior to adding anything. Sounds simple doesn’t it? It isn’t going to be though…!
|
|
|
9:25 am
31 Jan 2008
|
hombrelobo
Guest
| | | |
|
| |
|
|
I do not allow anybody to log into my system, so they are all guests.
I’d rather use a combination of gravatar plus emails like in the WP comments.
Maybe I am paranoid, but allowing anybody to log in scares me …
|
|
|
|
|
That’s fine. And to be honest it is rare I get a ’spam’ posting…
|
|
Forums
