Are you asking about the login or the comment form or the database?
Or all three?
(1) Don’t include the comment form at all if not logged in.
(2) Every time you provide a form that’s tied to a specific user/action, it should have a token attached to it so you can validate that you gave the form to the particular user (recently).
(3) I’d think the DB would need to store…
… user.id of the comment author
… date+time comment was authored
… display status (show,hide,starred,buried,etc.)
… comment thread id
… the comment itself
You’d need an extra field if you allowed users to comment on comments – the above would work for a simple list (ordered chronologically), but you’d need more if you wanted a tree structure.
If you wanted to “version” comments (keep a record of edits), you’d need a field to track versions as well.
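Point (2) above, sketched as an added example that is not part of the original post: a form token signed with HMAC and bound to the user, the action and the issue time, so the server can check it handed this form to this user recently. The secret, the 15-minute window, the action string format and the function names are assumptions for illustration.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret; this value is constructed for the example.
SECRET_KEY = b"constructed-example-secret-change-me"
# Assumption: "recently" means within 15 minutes of issuing the form.
MAX_AGE_SECONDS = 15 * 60


def _sign(user_id: int, action: str, issued_at: int) -> str:
    """HMAC over the fields the token is tied to."""
    msg = f"{user_id}|{action}|{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_form_token(user_id: int, action: str, now=None) -> str:
    """Return the value to embed in a hidden field when rendering the form."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_sign(user_id, action, issued_at)}"


def validate_form_token(token, user_id: int, action: str, now=None) -> bool:
    """Accept only a fresh token issued for this user and this action."""
    now = int(time.time() if now is None else now)
    try:
        issued_str, mac = token.split(".", 1)
        issued_at = int(issued_str)
    except (ValueError, AttributeError):
        return False  # malformed or missing token
    if issued_at > now or now - issued_at > MAX_AGE_SECONDS:
        return False  # issued in the future, or too old
    expected = _sign(user_id, action, issued_at)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode(), mac.encode())


if __name__ == "__main__":
    # Hypothetical action name: posting a comment on thread 42.
    t = issue_form_token(7, "comment:thread:42")
    print(validate_form_token(t, 7, "comment:thread:42"))  # same user, same form
    print(validate_form_token(t, 8, "comment:thread:42"))  # different user
```

The token is stateless, so it can be resubmitted until it expires; storing a one-time value in the user's session instead gives single-use behaviour.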