Looking For Suggestions for an Email Voting System
Judd Pickell
pickell at gmail.com
Sat Apr 21 07:52:51 MST 2007
You can use the email address and a webform, just include a random id that
is added to the email at send time and saved in the db. If the random id and
email match save the vote, if not.. pretend like it did.. so that people who
think they stuffing the ballot box don't look to figure out what that last
id is. Just name the field userid so the would be user would be expecting it
to be a user id.
Either way, if they figure out that something isn't working, they only way
they have to stuff the ballot box is to intercept known email address email,
or hack the database.
Sincerely,
Judd Pickell
On 4/21/07, Mark Phillips <mark at phillipsmarketing.biz> wrote:
>
> On Friday 20 April 2007 20:08, Alan Dayley wrote:
> > > http://some.web.server/form.jsp?vote=no&email=member@yahoo.com
> >
> > So I could vote multiple times in other people's names just by changing
> > the URL to a different email address.
> >
> You are correct...Hmmmmm not quite secure enough, yet.
>
> > I'm not trying to be contrary to your problem.
>
> On the contrary, you are being very helpful. :-)
> > I am also not a web
> > developer so perhaps I should quit espousing possible solutions that I
> > have no experience implementing. But let me get to my point:
> >
> > The only way to ensure that you will not have multiple votes by any one
> > person is to uniquely identify each person in a way that can't be
> > "spoofed" by someone else. That means passwords, pre-shared keys or
> > public/private key pairs like PGP. (Or some other security system that
> > I don't know about.) Anything else will be game-able.
>
> I agree. Just looking for a way that is hard to game, but not impossible.
> The
> old trade off between features, cost, and time.
>
> >
> > The point to any of the easy three; agent string, IP address and email
> > address is to keep honest people honest. If you have a problem with
> > people gaming the system, I don't think any of the three easy solutions
> > will be good enough to prevent it.
>
> Base case:
>
> Email to users with a link to a web form. At the web form enter name,
> email
> address, and yes or no. Check that the email and name match the database.
> Only count the first vote for that name and address.
>
> Easy to stuff the ballots if you (1) find the page; (2) know the names and
> email addresses of the email recipients.
>
> Two thoughts on "spoof-defenses" for the base case:
>
> 1. Create a set of unique ids for each email address in the database. Call
> them uid. Maybe a combination of time, sever id, and a random number.
> Modify
> the url above:
>
>
> http://some.web.server/form.jsp?vote=no&uid=a_unique_number&email=member@yahoo.com
>
> Now, in order to spoof this one, you have to know how to create the uid
> for a
> particular email address. When the request comes in, check that the uid is
> in
> the database and it matches the one for that email address. If it has been
> used more than once, only count the first vote that came in for that uid.
>
> Technical obstacle 1 - finding a mail merge program for email. Mailman
> doesn't
> have that feature.
>
> 2. More Secure. Embed the uid in the email, but don't use a form link.
> Have
> the user respond to the email if the vote is no. If the vote is yes, do
> not
> respond. Check that the response has the correct uid for the email address
> in
> the reply from field. If so, then recored the no vote for that person. If
> multiple votes come in, don't count them.
>
> A spoofer has to know the correct uid and the correct email address to
> concoct
> the correct return email. Same as above, but requires more technical
> knowledge to create the false email, so perhaps a little more secure.
>
> Technical obstacles: 1 above and 2 - get the returned email to a program
> that
> counts the votes.
>
> Neither are perfect, but perhaps more secure than the base case.
>
> Your thoughts?
>
> >
> > An interesting conundrum. Let us know how it goes.
>
> Yup. Thanks!
>
> Mark
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20070421/6a1e43cd/attachment-0001.htm
More information about the PLUG-discuss
mailing list