Programming C, C++, Java, PHP, Ruby, Turing, VB
Computer Science Canada 
 Using php to generate an image
ProgrammingFun




PostPosted: Thu Feb 24, 2011 7:59 pm   Post subject: RE:Using php to generate an image

wow, how would I go about countering that?
Perhaps I should just hope that no hacker happens to see the poll? :mrgreen:
Tony




PostPosted: Thu Feb 24, 2011 9:31 pm   Post subject: RE:Using php to generate an image

You can't really, unless you have a login system. But even then that only works if the cost of creating new user accounts is greater than the value of a cast vote.

Re: any IP-based suggestions -- it's a school poll. All of the students will have the same IP, while at school.
Latest from compsci.ca/blog: Tony's programming blog. DWITE - a programming contest.
Sur_real




PostPosted: Thu Feb 24, 2011 9:43 pm   Post subject: RE:Using php to generate an image

oh...yeah, forgot about that lol

what about creating sessions, so the only way would be to reopen browser? That can limit it to a certain extent...
ProgrammingFun




PostPosted: Thu Feb 24, 2011 10:03 pm   Post subject: Re: RE:Using php to generate an image

Sur_real @ Thu Feb 24, 2011 9:43 pm wrote:
oh...yeah, forgot about that lol

what about creating sessions, so the only way would be to reopen browser? That can limit it to a certain extent...

How would I go about doing that? That sounds like a good solution....

Is there any way that I can hide the fact that there is a process.php? Would that protect it to some extent?
Tony




PostPosted: Thu Feb 24, 2011 10:24 pm   Post subject: RE:Using php to generate an image

Sessions (cookies) are easily cleared. In fact, a lot of simple net libraries don't even keep track of cookies in the first place.

Quote:
hide process.php

A form must submit to some location, and I can do the same. As much as you can try to obfuscate the locations / redirects / whatever, the system is conceptually vulnerable to a Replay Attack -- http://en.wikipedia.org/wiki/Replay_attack
Latest from compsci.ca/blog: Tony's programming blog. DWITE - a programming contest.
DemonWasp




PostPosted: Thu Feb 24, 2011 10:30 pm   Post subject: RE:Using php to generate an image

Ultimately, no, there's no real way to hide which URL you're submitting vote data to. It's easy enough to figure that out with Firebug or equivalents. If the computer can figure it out, a malicious user can figure it out.

The only real way to avoid multiple votes is to have an authentication system. If you don't want to make user accounts yourself, or correlate name-with-student-ID or similar, then you can't really do that. A simple measure would be to put a cookie on the user's system that says "I've already voted", but this could be trivially bypassed -- even accidentally -- by either a user who knows what they're doing, or by a user who has cookies disabled for whatever reason. See here: http://php.net/manual/en/features.cookies.php
Dan




PostPosted: Fri Feb 25, 2011 6:35 am   Post subject: RE:Using php to generate an image

You could send an e-mail to each student who can vote with a link to the poll that contains a unique key in the URL parameters that can only be used once.

Basically you keep a table of keys, and once someone votes with that key you remove its row from the database. This would require that you have some means of giving the students their keys or a URL with their key in it.

Edit: Also keys should not be simple like: 1, 2, 3, 4, 5 but longer strings that are seemingly random like:

5b19344e68b50229e839a07b0652fa71,
eb0a7a912cdfced0b68808dc8a98ac8e,
d58fb80e442e2644268475577e824ef6,
etc

But ensure that they are unique and have no obvious pattern. For example you could take the hash of the student's e-mail + a salt you never tell anyone.
Computer Science Canada Help with programming in C, C++, Java, PHP, Ruby, Turing, VB and more!
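
Dan's one-time key scheme, sketched as an added example that is not part of the original thread. It swaps the plain "hash of e-mail + salt" for an HMAC keyed with a server-side secret; the SQLite tables, function names and sample address are assumptions made for illustration.

```php
<?php
// Assumed setup: in-memory SQLite through PDO; table and function names are hypothetical.
$secret = random_bytes(32);   // the "salt you never tell anyone"; store it outside the web root

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE vote_keys (vote_key TEXT PRIMARY KEY)');
$db->exec('CREATE TABLE votes (choice TEXT NOT NULL)');

// Keyed hash of the address: unique per e-mail, unguessable without $secret.
function make_key(string $email, string $secret): string {
    return hash_hmac('sha256', strtolower(trim($email)), $secret);
}

// Run once per student before the poll opens; re-issuing later would revive a used key.
function issue_key(PDO $db, string $email, string $secret): string {
    $key = make_key($email, $secret);
    $db->prepare('INSERT OR IGNORE INTO vote_keys (vote_key) VALUES (?)')->execute([$key]);
    return $key;   // goes into the e-mailed link as a URL parameter
}

// Returns true only the first time an issued key is presented.
function cast_vote(PDO $db, string $key, string $choice): bool {
    if (!preg_match('/^[0-9a-f]{64}$/', $key)) {
        return false;   // malformed key: reject before touching the database
    }
    $db->beginTransaction();
    // The DELETE is the check: a replayed or unknown key removes no row.
    $del = $db->prepare('DELETE FROM vote_keys WHERE vote_key = ?');
    $del->execute([$key]);
    if ($del->rowCount() !== 1) {
        $db->rollBack();
        return false;
    }
    $db->prepare('INSERT INTO votes (choice) VALUES (?)')->execute([$choice]);
    $db->commit();
    return true;
}

$key = issue_key($db, 'student1@example.com', $secret);    // constructed address
var_dump(cast_vote($db, $key, 'Song A'));                  // first use of an issued key
var_dump(cast_vote($db, $key, 'Song B'));                  // replay of the same request
var_dump(cast_vote($db, str_repeat('0', 64), 'Song A'));   // well-formed key that was never issued
echo $db->query('SELECT COUNT(*) FROM votes')->fetchColumn(), "\n";
```

Because the key row is deleted in the same transaction that records the vote, resubmitting the identical request, which is the replay Tony describes, finds no row to delete and is rejected.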
DemonWasp




PostPosted: Fri Feb 25, 2011 8:29 am   Post subject: RE:Using php to generate an image

If you have all the student email addresses, wouldn't it be simpler to build a system that only accepts one vote per registered email address (each student votes with their email address as ID)?
Dan




PostPosted: Fri Feb 25, 2011 9:18 am   Post subject: Re: RE:Using php to generate an image

DemonWasp @ 25th February 2011, 8:29 am wrote:
If you have all the student email addresses, wouldn't it be simpler to build a system that only accepts one vote per registered email address (each student votes with their email address as ID)?


You would still have to authenticate the e-mail somehow, or students could use other students' votes if they knew their e-mail. So either way you would have to send the e-mail some kind of key.
Computer Science Canada Help with programming in C, C++, Java, PHP, Ruby, Turing, VB and more!
DemonWasp




PostPosted: Fri Feb 25, 2011 10:33 am   Post subject: RE:Using php to generate an image

Fair point. Then again, though, is this poll worth the effort of mailing everyone in the school a key and dealing with the associated extra complexity?
Dan




PostPosted: Fri Feb 25, 2011 11:00 am   Post subject: Re: RE:Using php to generate an image

DemonWasp @ 25th February 2011, 10:33 am wrote:
Fair point. Then again, though, is this poll worth the effort of mailing everyone in the school a key and dealing with the associated extra complexity?


Well, it depends on how important the poll is. If all the students have the same kind of e-mail, such as _something_@victoriaparkci.com, he could have them create a poll account which only allows accounts to be created with a valid @victoriaparkci.com e-mail (with an activation e-mail). My method was more for a one-time poll; an account would be better if there will be many polls.

Looking at the link ProgrammingFun posted, it seems that this is for some kind of student forum? If that's the case, why not tie it into the forum's accounts?
Computer Science Canada Help with programming in C, C++, Java, PHP, Ruby, Turing, VB and more!
ProgrammingFun




PostPosted: Fri Feb 25, 2011 1:15 pm   Post subject: Re: RE:Using php to generate an image

Dan @ Fri Feb 25, 2011 11:00 am wrote:
Looking at the link ProgrammingFun posted, it seems that this is for some kind of student forum? If that's the case, why not tie it into the forum's accounts?

That is exactly what I was about to ask next! Is there any way that I can use the forum accounts to log in to the poll for the user to vote (without compromising the forum database)? That way, would I be able to make a browser session with that login so that to revote, they would have to log in again?

This is not actually a very important poll, it is designed as a promotion campaign for the forum...I guess you could call it important (in a way) :)
ProgrammingFun




PostPosted: Sun Mar 06, 2011 5:17 pm   Post subject: RE:Using php to generate an image

The final poll is being launched this week...we tried to fix the script problem by adding sessions (and something else ;) )...

Please test it here: http://forum.victoriaparkci.com/v1/playlist/
...and tell me what you think (+ any remaining bugs and errors)

Thanks!
Tony




PostPosted: Sun Mar 06, 2011 5:44 pm   Post subject: Re: RE:Using php to generate an image

ProgrammingFun @ Sun Mar 06, 2011 5:17 pm wrote:
we tried to fix the script problem by adding sessions (and something else ;) )...

Clearing cookies still works for multiple votes.
Latest from compsci.ca/blog: Tony's programming blog. DWITE - a programming contest.
ProgrammingFun




PostPosted: Sun Mar 06, 2011 6:55 pm   Post subject: RE:Using php to generate an image

Yes...but is there a script that can do that? I hope not...
Page 3 of 4  [ 49 Posts ]