On Fri, Jan 28, 2011 at 9:17 AM, Johanne Banda <[email protected]> wrote:

> Firstly David, thank you very much for the "Otunnu Exploit".
> That is why we open sourced the project. To get as much feedback as
> possible and make the best project possible.
>
> The Exploit has been patched.
>
> Please continue to test the site and find the holes (if you find them we
> will patch them).
>
> Less than a month to the elections and the input of the Techie community is
> sorely needed.
>
> Johanne

Open source peer review at its finest.

The fixes look like a good start, particularly not revealing the number of registered voters per polling station. The only sure-fire way to prevent automated submissions is to implement a captcha though. Scripts like this are the reason why captchas (no matter how obnoxious) exist. Cookies / user-agents can easily be modified for each submission.

Also, thanks for receiving the feedback so amicably; many others wouldn't have.

David
