Re: hash comparisons...

Fri, 20 Jul 2001 08:32:50 -0700 


The one question that comes to mind:

What about AOL users, where there could be hundreds coming from the 'same
ip' (cache server)? Libraries and cyber cafes??

It may not be an issue for Jim, but it is still something to remember.
Many large companies and isps use cache servers, so ALL users appear to
come from one ip. Like Randal mentions, the isn't really a GOOD, SAFE
way to insure that someone doesn't vote twice, unless it is a secure site
with logins required or other unique information is used.

Some surveys that I have participated in, send out a unique 'password' that
is then logged and cannot be used to vote again. But these surveys are
from companies that have customer information for me and will only send me
one password.

On 20 Jul 2001, Randal L. Schwartz wrote:

> Date: 20 Jul 2001 08:36:44 -0700
> From: Randal L. Schwartz <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: hash comparisons...
>
> >>>>> "Jim" == Jim Conner <[EMAIL PROTECTED]> writes:
>
> Jim> I am building a voting script.  This is particularly tough because of
> Jim> the things I need to pay attention to such as disallowing corrupt
> Jim> votes by someone voting multiple times.  What I want to do is allow
> Jim> players to revote.  Their new vote will simply overwrite the first
> Jim> vote.  There is a list of other things I want to do but these things
> Jim> all pivot around how I am going to do comparisons.
>
> The "someone" part is hard.  How do you tell if two uncorrelated hits
> are from the same person?
>
> Hint: you lose if you mention
>
>         cookies
>         IP address
>         browser signature
>         javascript
>
> :-)
>
> But I did cheat a bit, and use "same IP address within an hour" for
> my unscientific polling mechanism for a recent WT column, at
>
>         http://www.stonehenge.com/merlyn/WebTechniques/col59.html
>
> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
> <[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/>
> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
> See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>

 Eric Wisti
 Kinetic, Inc.
 (651) 848-0477



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to