Looking For Suggestions for an Email Voting System
Mark Phillips
mark at phillipsmarketing.biz
Sat Apr 21 06:40:26 MST 2007
On Friday 20 April 2007 20:08, Alan Dayley wrote:
> > http://some.web.server/form.jsp?vote=no&email=member@yahoo.com
>
> So I could vote multiple times in other people's names just by changing
> the URL to a different email address.
>
You are correct...Hmmmmm not quite secure enough, yet.
> I'm not trying to be contrary to your problem.
On the contrary, you are being very helpful. :-)
> I am also not a web
> developer so perhaps I should quit espousing possible solutions that I
> have no experience implementing. But let me get to my point:
>
> The only way to ensure that you will not have multiple votes by any one
> person is to uniquely identify each person in a way that can't be
> "spoofed" by someone else. That means passwords, pre-shared keys or
> public/private key pairs like PGP. (Or some other security system that
> I don't know about.) Anything else will be game-able.
I agree. Just looking for a way that is hard to game, but not impossible. The
old trade off between features, cost, and time.
>
> The point to any of the easy three; agent string, IP address and email
> address is to keep honest people honest. If you have a problem with
> people gaming the system, I don't think any of the three easy solutions
> will be good enough to prevent it.
Base case:
Email to users with a link to a web form. At the web form enter name, email
address, and yes or no. Check that the email and name match the database.
Only count the first vote for that name and address.
Easy to stuff the ballots if you (1) find the page; (2) know the names and
email addresses of the email recipients.
Two thoughts on "spoof-defenses" for the base case:
1. Create a set of unique ids for each email address in the database. Call
them uid. Maybe a combination of time, sever id, and a random number. Modify
the url above:
http://some.web.server/form.jsp?vote=no&uid=a_unique_number&email=member@yahoo.com
Now, in order to spoof this one, you have to know how to create the uid for a
particular email address. When the request comes in, check that the uid is in
the database and it matches the one for that email address. If it has been
used more than once, only count the first vote that came in for that uid.
Technical obstacle 1 - finding a mail merge program for email. Mailman doesn't
have that feature.
2. More Secure. Embed the uid in the email, but don't use a form link. Have
the user respond to the email if the vote is no. If the vote is yes, do not
respond. Check that the response has the correct uid for the email address in
the reply from field. If so, then recored the no vote for that person. If
multiple votes come in, don't count them.
A spoofer has to know the correct uid and the correct email address to concoct
the correct return email. Same as above, but requires more technical
knowledge to create the false email, so perhaps a little more secure.
Technical obstacles: 1 above and 2 - get the returned email to a program that
counts the votes.
Neither are perfect, but perhaps more secure than the base case.
Your thoughts?
>
> An interesting conundrum. Let us know how it goes.
Yup. Thanks!
Mark
More information about the PLUG-discuss
mailing list