[PLIP-Advisories] Re: [Plone] #9305: Use real names instead of usernames

plip-advisories at lists.plone.org plip-advisories at lists.plone.org
Fri Aug 7 10:15:57 UTC 2009


#9305: Use real names instead of usernames
--------------------------+-------------------------------------------------
 Reporter:  laurenskling  |        Owner:  laurenskling
     Type:  PLIP          |       Status:  new         
 Priority:  minor         |    Milestone:  4.0         
Component:  Unknown       |   Resolution:              
 Keywords:                |  
--------------------------+-------------------------------------------------

Old description:

> Plone is mostly used in friendly environments where people know each
> other by name, like on Intranets. Showing usernames doesn't give much
> information, as it still doesn't say much about the identity of a person.
> I see no objections in showing real names by default, throughout Plone
> (On search results, comments, versioning, etc.)
>

> == Proposal: ==
>

> * Use realnames instead of usernames by default in naming users.
> * Make this configurable in the Plone Control Center, if users need to be
> anonymous.
>

> == Risks: ==
>
> Unmeant revealing of real names when upgrading to Plone 4.

New description:

 Plone is mostly used in friendly environments where people know each other
 by name, like on Intranets. Showing usernames doesn't give much
 information, as it still doesn't say much about the identity of a person.
 I see no objections in showing real names by default, throughout Plone (On
 search results, comments, versioning, etc.)


 == Proposal: ==

  * Use realnames instead of usernames by default in naming users.
  * Make this configurable in the Plone Control Center, if users need to be
 anonymous.


 == Risks: ==

 Unmeant revealing of real names when upgrading to Plone 4.

--

Comment(by wichert):

 I also posted this to the framework-team list, but for archiving purposes
 I'll add my comments here as well.

 I'm afraid I do not agree with the proposed implementation. Adding a new
 method to the membership tool is not useful since there already is a
 getMemberInfo() method which returns almost the same information. There
 are no performance differences between getMemberInfo() and a separate
 getFullName() method.

 I also don't buy the lookup mechanism mentioned in the PDF: you are
 essentially creating a persistent cache system, which means that suddenly
 page views can trigger ZODB writes, which is very bad for high performance
 sites. It also will miss all user changes created directly in external
 user sources such as LDAP, AD and SQL databases, leading to incorrect and
 possibly confusing behaviour.

 If there is a performance problem, which has not been proven yet, it
 should imho be solved at a different point. All the required PAS methods
 are already ZCacheable, so that is not expensive. The single object wakeup
 to get the users member data is also not that bad, and I would be very
 surprised if that shows up in a real world profile.

-- 
Ticket URL: <http://dev.plone.org/plone/ticket/9305#comment:19>
Plone <http://plone.org>
Plone Content Management System


More information about the PLIP-Advisories mailing list