On 2015-03-29 20:16, Alan Cabrera wrote:
I was looking at our backend code and noticed that they are in charge of 
generating the election hash. In my opinion I think the election hash should be 
generated by the callers of the back end and not delegated to the back ends 
themselves.

What exactly do you mean by 'callers of the backend'? The person doing the API call? Or the library doing the final call to the DB backend? Or? It's important that the API has no way of setting/rigging the election hash, nor should anyone but the monitors really know it (and even then, they get a hash of a hash). The way it is now, in pysteve at least, election.py is in charge of generating the hash for the election, and I think that's the sane place to put it.

In an ideal world, the person setting up an election should not have direct access to the election server, and should definitely not have access to fiddle with the election hash.

With regards,
Daniel.


Thoughts?
