Yes, people could get around the voting by simply using a proxy server
or logging in from somewhere else. But the idea is that it makes it
*harder* for people to vote based on their IP address.
Also there's an issue that I'm having with my Couchapp which is that
it's extremely easy for users to create new accounts,
programmatically. All they need to do is: i=0; while(1) {
put_doc_in_users_db(i++) }
I know this is also solved by putting some sort of firewall before
Couch. But these are little fixes and little things that could really
make writing couchapps a lot better.
On Tue, May 29, 2012 at 8:28 AM, Jens Alfke <[email protected]> wrote:
>
> On May 28, 2012, at 2:26 PM, Luca Matteis wrote:
>
> contained in the request), so why not give the IP address of the
> request as well? This would allow the creation of even more powerful
> Couchapps.
>
> The IP address is not very useful for what you're trying to do. Given the
> prevalence of NAT (even by ISPs and cell carriers), multiple different users
> can appear to be at the same IP address; and given dynamic addressing and
> mobile devices, a single user can appear at multiple IP addresses over time.
>
> In other words, if you do this it will offend some of your users who will be
> accused unfairly of cheating simply because they're behind a NAT, and it'll
> still be pretty easy for people to hack around by just voting from home, from
> work, and from a cafe.
>
> Basically any system with disposable easily-created anonymous accounts will
> run into issues like these. There isn't any way around them without making
> the accounts stickier. But that's off-topic for this list.
>
> —Jens
