You are right. But with the enhancement I described, the user actually needs a (different) cookie to be set in order to be able to vote. For us, it is more about raising some barriers to make misuse a bit less trivial and more tedious.
> -----Oorspronkelijk bericht----- > Van: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Namens Rob van Maris > Verzonden: woensdag 31 maart 2004 16:06 > Aan: [EMAIL PROTECTED] > Onderwerp: RE: Script kiddies and the MMBase poll > > > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Peter Reitsma > > Sent: woensdag 31 maart 2004 15:43 > > To: [EMAIL PROTECTED] > > Subject: RE: Script kiddies and the MMBase poll > > > > The impossibility of building a watertight accept cookie > > detection lies in the impossibility to place a cookie on the > > response and detect this cookie during the same request > > (there is no such method like response.getCookie(), cookies > > have to land on the browser first :). > > It's not just that. The user can always clear the cookies > after voting, so a cookie-based policy is always easy to tamper with. > > Rob van Maris > Technical Consultant > > Quantiq > xmedia & communication solutions > > Koninginneweg 11-13 > 1217 KP Hilversum > > T +31 (0)356257211 > M +31 (0)651444006 > E [EMAIL PROTECTED] > > > > >
