Looking For Suggestions for an Email Voting System
Judd Pickell
pickell at gmail.com
Sat Apr 21 07:53:50 MST 2007
Ignore me.. I didn't fully read the email above..
On 4/21/07, Judd Pickell <pickell at gmail.com> wrote:
>
> You can use the email address and a webform, just include a random id that
> is added to the email at send time and saved in the db. If the random id and
> email match save the vote, if not.. pretend like it did.. so that people who
> think they stuffing the ballot box don't look to figure out what that last
> id is. Just name the field userid so the would be user would be expecting it
> to be a user id.
>
> Either way, if they figure out that something isn't working, they only way
> they have to stuff the ballot box is to intercept known email address email,
> or hack the database.
>
> Sincerely,
> Judd Pickell
>
> On 4/21/07, Mark Phillips <mark at phillipsmarketing.biz> wrote:
> >
> > On Friday 20 April 2007 20:08, Alan Dayley wrote:
> > > > http://some.web.server/form.jsp?vote=no&email=member@yahoo.com
> > >
> > > So I could vote multiple times in other people's names just by
> > changing
> > > the URL to a different email address.
> > >
> > You are correct...Hmmmmm not quite secure enough, yet.
> >
> > > I'm not trying to be contrary to your problem.
> >
> > On the contrary, you are being very helpful. :-)
> > > I am also not a web
> > > developer so perhaps I should quit espousing possible solutions that I
> > > have no experience implementing. But let me get to my point:
> > >
> > > The only way to ensure that you will not have multiple votes by any
> > one
> > > person is to uniquely identify each person in a way that can't be
> > > "spoofed" by someone else. That means passwords, pre-shared keys or
> > > public/private key pairs like PGP. (Or some other security system that
> > > I don't know about.) Anything else will be game-able.
> >
> > I agree. Just looking for a way that is hard to game, but not
> > impossible. The
> > old trade off between features, cost, and time.
> >
> > >
> > > The point to any of the easy three; agent string, IP address and email
> > > address is to keep honest people honest. If you have a problem with
> > > people gaming the system, I don't think any of the three easy
> > solutions
> > > will be good enough to prevent it.
> >
> > Base case:
> >
> > Email to users with a link to a web form. At the web form enter name,
> > email
> > address, and yes or no. Check that the email and name match the
> > database.
> > Only count the first vote for that name and address.
> >
> > Easy to stuff the ballots if you (1) find the page; (2) know the names
> > and
> > email addresses of the email recipients.
> >
> > Two thoughts on "spoof-defenses" for the base case:
> >
> > 1. Create a set of unique ids for each email address in the database.
> > Call
> > them uid. Maybe a combination of time, sever id, and a random number.
> > Modify
> > the url above:
> >
> >
> > http://some.web.server/form.jsp?vote=no&uid=a_unique_number&email=member@yahoo.com
> >
> > Now, in order to spoof this one, you have to know how to create the uid
> > for a
> > particular email address. When the request comes in, check that the uid
> > is in
> > the database and it matches the one for that email address. If it has
> > been
> > used more than once, only count the first vote that came in for that
> > uid.
> >
> > Technical obstacle 1 - finding a mail merge program for email. Mailman
> > doesn't
> > have that feature.
> >
> > 2. More Secure. Embed the uid in the email, but don't use a form link.
> > Have
> > the user respond to the email if the vote is no. If the vote is yes, do
> > not
> > respond. Check that the response has the correct uid for the email
> > address in
> > the reply from field. If so, then recored the no vote for that person.
> > If
> > multiple votes come in, don't count them.
> >
> > A spoofer has to know the correct uid and the correct email address to
> > concoct
> > the correct return email. Same as above, but requires more technical
> > knowledge to create the false email, so perhaps a little more secure.
> >
> > Technical obstacles: 1 above and 2 - get the returned email to a
> > program that
> > counts the votes.
> >
> > Neither are perfect, but perhaps more secure than the base case.
> >
> > Your thoughts?
> >
> > >
> > > An interesting conundrum. Let us know how it goes.
> >
> > Yup. Thanks!
> >
> > Mark
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change you mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20070421/83e9a333/attachment.htm
More information about the PLUG-discuss
mailing list