Ignore me.. I didn't fully read the email above.. On 4/21/07, Judd Pickell wrote: > > You can use the email address and a webform, just include a random id that > is added to the email at send time and saved in the db. If the random id and > email match save the vote, if not.. pretend like it did.. so that people who > think they stuffing the ballot box don't look to figure out what that last > id is. Just name the field userid so the would be user would be expecting it > to be a user id. > > Either way, if they figure out that something isn't working, they only way > they have to stuff the ballot box is to intercept known email address email, > or hack the database. > > Sincerely, > Judd Pickell > > On 4/21/07, Mark Phillips wrote: > > > > On Friday 20 April 2007 20:08, Alan Dayley wrote: > > > > http://some.web.server/form.jsp?vote=no&email=member@yahoo.com > > > > > > So I could vote multiple times in other people's names just by > > changing > > > the URL to a different email address. > > > > > You are correct...Hmmmmm not quite secure enough, yet. > > > > > I'm not trying to be contrary to your problem. > > > > On the contrary, you are being very helpful. :-) > > > I am also not a web > > > developer so perhaps I should quit espousing possible solutions that I > > > have no experience implementing. But let me get to my point: > > > > > > The only way to ensure that you will not have multiple votes by any > > one > > > person is to uniquely identify each person in a way that can't be > > > "spoofed" by someone else. That means passwords, pre-shared keys or > > > public/private key pairs like PGP. (Or some other security system that > > > I don't know about.) Anything else will be game-able. > > > > I agree. Just looking for a way that is hard to game, but not > > impossible. The > > old trade off between features, cost, and time. > > > > > > > > The point to any of the easy three; agent string, IP address and email > > > address is to keep honest people honest. If you have a problem with > > > people gaming the system, I don't think any of the three easy > > solutions > > > will be good enough to prevent it. > > > > Base case: > > > > Email to users with a link to a web form. At the web form enter name, > > email > > address, and yes or no. Check that the email and name match the > > database. > > Only count the first vote for that name and address. > > > > Easy to stuff the ballots if you (1) find the page; (2) know the names > > and > > email addresses of the email recipients. > > > > Two thoughts on "spoof-defenses" for the base case: > > > > 1. Create a set of unique ids for each email address in the database. > > Call > > them uid. Maybe a combination of time, sever id, and a random number. > > Modify > > the url above: > > > > > > http://some.web.server/form.jsp?vote=no&uid=a_unique_number&email=member@yahoo.com > > > > Now, in order to spoof this one, you have to know how to create the uid > > for a > > particular email address. When the request comes in, check that the uid > > is in > > the database and it matches the one for that email address. If it has > > been > > used more than once, only count the first vote that came in for that > > uid. > > > > Technical obstacle 1 - finding a mail merge program for email. Mailman > > doesn't > > have that feature. > > > > 2. More Secure. Embed the uid in the email, but don't use a form link. > > Have > > the user respond to the email if the vote is no. If the vote is yes, do > > not > > respond. Check that the response has the correct uid for the email > > address in > > the reply from field. If so, then recored the no vote for that person. > > If > > multiple votes come in, don't count them. > > > > A spoofer has to know the correct uid and the correct email address to > > concoct > > the correct return email. Same as above, but requires more technical > > knowledge to create the false email, so perhaps a little more secure. > > > > Technical obstacles: 1 above and 2 - get the returned email to a > > program that > > counts the votes. > > > > Neither are perfect, but perhaps more secure than the base case. > > > > Your thoughts? > > > > > > > > An interesting conundrum. Let us know how it goes. > > > > Yup. Thanks! > > > > Mark > > --------------------------------------------------- > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > To subscribe, unsubscribe, or to change you mail settings: > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > >