> You might try to use the reported IP of the submitter, again unique, but > that can be forged -- so again anyone can vote more than once.
Can you say more about forging the reported IP? I've always been under the impression that forging the source IP in a TCP session is a pretty sophisticated operation, but maybe I'm mistaken about that. Of course source IP isn't a reliable unique-ID, for the opposite reason also: forward proxies, NAT, etc., make it pretty likely that several users will come to the site from the same IP. So you'd end up incorrectly refusing legitimate votes. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php