You can use the email address and a webform, just include a random id that is added to the email at send time and saved in the db. If the random id and email match save the vote, if not.. pretend like it did.. so that people who think they stuffing the ballot box don't look to figure out what that last id is. Just name the field userid so the would be user would be expecting it to be a user id.
Either way, if they figure out that something isn't working, they only way they have to stuff the ballot box is to intercept known email address email, or hack the database.
Sincerely,
Judd Pickell
On Friday 20 April 2007 20:08, Alan Dayley wrote:
> > http://some.web.server/form.jsp?vote=no&email=member@yahoo.com
>
> So I could vote multiple times in other people's names just by changing
> the URL to a different email address.
>
You are correct...Hmmmmm not quite secure enough, yet.
> I'm not trying to be contrary to your problem.
On the contrary, you are being very helpful. :-)
> I am also not a web
> developer so perhaps I should quit espousing possible solutions that I
> have no experience implementing. But let me get to my point:
>
> The only way to ensure that you will not have multiple votes by any one
> person is to uniquely identify each person in a way that can't be
> "spoofed" by someone else. That means passwords, pre-shared keys or
> public/private key pairs like PGP. (Or some other security system that
> I don't know about.) Anything else will be game-able.
I agree. Just looking for a way that is hard to game, but not impossible. The
old trade off between features, cost, and time.
>
> The point to any of the easy three; agent string, IP address and email
> address is to keep honest people honest. If you have a problem with
> people gaming the system, I don't think any of the three easy solutions
> will be good enough to prevent it.
Base case:
Email to users with a link to a web form. At the web form enter name, email
address, and yes or no. Check that the email and name match the database.
Only count the first vote for that name and address.
Easy to stuff the ballots if you (1) find the page; (2) know the names and
email addresses of the email recipients.
Two thoughts on "spoof-defenses" for the base case:
1. Create a set of unique ids for each email address in the database. Call
them uid. Maybe a combination of time, sever id, and a random number. Modify
the url above:
http://some.web.server/form.jsp?vote=no&uid=a_unique_number&email=member@yahoo.com
Now, in order to spoof this one, you have to know how to create the uid for a
particular email address. When the request comes in, check that the uid is in
the database and it matches the one for that email address. If it has been
used more than once, only count the first vote that came in for that uid.
Technical obstacle 1 - finding a mail merge program for email. Mailman doesn't
have that feature.
2. More Secure. Embed the uid in the email, but don't use a form link. Have
the user respond to the email if the vote is no. If the vote is yes, do not
respond. Check that the response has the correct uid for the email address in
the reply from field. If so, then recored the no vote for that person. If
multiple votes come in, don't count them.
A spoofer has to know the correct uid and the correct email address to concoct
the correct return email. Same as above, but requires more technical
knowledge to create the false email, so perhaps a little more secure.
Technical obstacles: 1 above and 2 - get the returned email to a program that
counts the votes.
Neither are perfect, but perhaps more secure than the base case.
Your thoughts?
>
> An interesting conundrum. Let us know how it goes.
Yup. Thanks!
Mark
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss