User Nickname duplication is possible (they are not unique)

[ffosterdd]

I have a forum where any user can register. I have noticed in my testing that if my admin has the nickname: "Stupidhead" (or any other nickname) that other users (at least as low as author) can make thier nickname also be "Stupidhead", and have it be displayed as such.

This allows users to masquerade as other users. I think this might be a security issue, depending on how you define security

I don't think this should be allowed... there should be a check before a nickname is set (or at least before a user can set his nickname to one already in use).

Thanks!

[Viper007Bond]

I'm tempted to say this is invalid, especially since this is a plugin (forum) issue, not a WordPress one. And even then, it should be using the username, not the nickname, if it wants something unique.

However, I guess there are cases where you want unique nicknames (post author, etc.). Then again, if you can trust someone enough to make posts on your blog, I assume you can trust them to not pretend to be someone else.

[mrmist]

-1 if forced, neutral as an option. Forcing uniqueness in display names could be as restrictive in some environments as it is desired in others.