Re: Poll security

This WebDNA talk-list message is from

2004


It keeps the original formatting.
numero = 58263
interpreted = N
texte = The only thing about checking IP address and browser is if your audience happens to be business users then the IP address will typically be the same as well as the browser as most companies standardize on a particular browser and version. So you could possibly prevent an entire company location from voting. Also, consider AOL, even users from overseas typically exit the AOL system out to the internet using the same IP numbers. So you could concevibly block lots of AOL users using that method. As to a better way of doing it? No suggestions other than requiring them to be logged into your site and then specifically log each known users vote status. Donovan Brooke wrote: > Hi, > I have coded a poll with a goal to accept only one submition > per person or machine. > > I use a cookie for one. This seems the most accurate way to > denote one machine. Since cookies can be deleted in many > browsers, I also us IP AND BROWSERNAME (which is far from > exact). The reason I use both (as I'm sure many of already > determined, is that I don't want to leave out different > individuals who are behind the same firewall. > > So I have a flag that is set to true. > First, if the poster contains the cookie that gets > set, the flag changes to false. > > Second, If there is a record in the .db that equals > both the IP & The browsername, the flag is given > a value of False. > > If the value is false then they can't take the poll. > > I figure this will cover most situations because > first of all, not too many people will think about > deleting a cookie so they can take the poll again. ;-). > However, if for some reason they manage to figure > that out, I have this backup thingy. > > How does that sound to you all and would you suggest > something different? > > Thanks, > Donovan > > > > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Poll security ( eLists 2004)
  2. Poll security ( Donovan Brooke 2004)
The only thing about checking IP address and browser is if your audience happens to be business users then the IP address will typically be the same as well as the browser as most companies standardize on a particular browser and version. So you could possibly prevent an entire company location from voting. Also, consider AOL, even users from overseas typically exit the AOL system out to the internet using the same IP numbers. So you could concevibly block lots of AOL users using that method. As to a better way of doing it? No suggestions other than requiring them to be logged into your site and then specifically log each known users vote status. Donovan Brooke wrote: > Hi, > I have coded a poll with a goal to accept only one submition > per person or machine. > > I use a cookie for one. This seems the most accurate way to > denote one machine. Since cookies can be deleted in many > browsers, I also us IP AND BROWSERNAME (which is far from > exact). The reason I use both (as I'm sure many of already > determined, is that I don't want to leave out different > individuals who are behind the same firewall. > > So I have a flag that is set to true. > First, if the poster contains the cookie that gets > set, the flag changes to false. > > Second, If there is a record in the .db that equals > both the IP & The browsername, the flag is given > a value of False. > > If the value is false then they can't take the poll. > > I figure this will cover most situations because > first of all, not too many people will think about > deleting a cookie so they can take the poll again. ;-). > However, if for some reason they manage to figure > that out, I have this backup thingy. > > How does that sound to you all and would you suggest > something different? > > Thanks, > Donovan > > > > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ eLists

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Emailed problem (2000) WebCat2 beta 11 - new prefs ... (1997) Emailer (WebCat2) (1997) [HIDEIF] inside [FOUNDITEM] (1997) WebCatalog Hosting (1996) WC2b12: Yes, Formulas.db is for real (1997) Latest beta slow on [order] and [purchase] (1997) Converting Quotes in Javascript (2001) [convertchars] (2000) Searchable WebCat (etc.) Docs ? (1997) search w/international chars (1999) Date problems-more (1997) CC Processing (2001) I give up!! (1997) corrupted jpgs (2003) Bit off subject -- Faxing orders (1997) WCf2 and nested tags (1997) HTML Editors (1997) emailer error -108 (1997) [Feature Request] Stronghold security variables that cannot be (2000)