I know this isn't a huge problem for our use cases, so it's totally valid for you not to care, but:
Suppose a user changes their name in whatever system does the authentication. That name is used for any future session for comments that they add.
This name is also the only check in place to see if a user is allowed to delete or edit a comment. The comments table does not, in fact, have any column indicating the id of the author, it only has their name.
Changing your name lets you edit or delete any comments you like.
The fact that the user's name gets duplicated into every single comment record also makes it difficult to update a user's name on their request.
If the comment records included the user's ID (as per whatever auth system is used) and looked up the name in a user table, then there would be one instance of the user's name, which could be updated if the user changes their name. As it stands you'd have to rename them on every comment, and if they happen to share a name with someone else then multiple people's names get changed unexpectedly.
We each have only a small number of users, and they're generally trusted, so this is mostly fine, but having recently changed my name, I have developed a pet peeve for systems that either: refuse to allow you to update your name, or don't update it everywhere at once.
I have a fix in progress, on my fork. I'm adding a google auth option because the University of York has gsuite, so that's how I'm gonna authenticate people. It's in adding this that I found these issues.
I know this isn't a huge problem for our use cases, so it's totally valid for you not to care, but:
Suppose a user changes their name in whatever system does the authentication. That name is used for any future session for comments that they add.
This name is also the only check in place to see if a user is allowed to delete or edit a comment. The comments table does not, in fact, have any column indicating the id of the author, it only has their name.
Changing your name lets you edit or delete any comments you like.
The fact that the user's name gets duplicated into every single comment record also makes it difficult to update a user's name on their request.
If the comment records included the user's ID (as per whatever auth system is used) and looked up the name in a user table, then there would be one instance of the user's name, which could be updated if the user changes their name. As it stands you'd have to rename them on every comment, and if they happen to share a name with someone else then multiple people's names get changed unexpectedly.
We each have only a small number of users, and they're generally trusted, so this is mostly fine, but having recently changed my name, I have developed a pet peeve for systems that either: refuse to allow you to update your name, or don't update it everywhere at once.
I have a fix in progress, on my fork. I'm adding a google auth option because the University of York has gsuite, so that's how I'm gonna authenticate people. It's in adding this that I found these issues.