> You might try to use the reported IP of the submitter, again unique, but
> that can be forged -- so again anyone can vote more than once.

Can you say more about forging the reported IP? I've always been under
the impression that forging the source IP in a TCP session is a pretty
sophisticated operation, but maybe I'm mistaken about that.

Of course source IP isn't a reliable unique-ID, for the opposite
reason also: forward proxies, NAT, etc., make it pretty likely that
several users will come to the site from the same IP. So you'd end up
incorrectly refusing legitimate votes.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to