Unique User

[eluser]tix[/eluser]
[quote author="phybertek" date="1218211704"]Jilani,

I can deal with someone (a real person) cheating and clearing their cookies in Firefox or IE, but what I am trying to find out is, are there any programs that can accept site cookies, respond to your voting system in a loop?

What I want to prevent is someone write a script making choice thosands of times cheating the process.

Phybertek[/quote]

Yes it is possible to programaticaly vote and you can accept a cookie.
Nearly every language for desktop application has a browser component and you can even make it with php + curl.

[eluser]drewbee[/eluser]
Yeah. Something like this may take a hole 10 minutes to whip up with PHP & Curl. I could even make the program sign in with an already registered account and go nuts.

[eluser]Michael Wales[/eluser]
In reality: would anyone want to?

Focus on the big picture then take care of details. At the moment, no one can cheat your voting system - it is absolutely fool-proof. Why? Because it's not live.

An application not being live is the biggest bug of them all. Get it out there - then iterate.

Of course, take this in context - if you are developing a system for government elections it better be rock solid. If you are making just another "create your own poll, for free" site - you just need to get the site live and get users.

[eluser]drewbee[/eluser]
I agree with you so much Michael!
So many people worry about this and this hole and this security etc etc. The reality of it is while alot of people come in here for these questions, more time then not the application doesn't get finished which is a real shame.

We know you are trying to take precautions, and that is a good thing. But don't stress over it until you have a user base of which is trying to treat the system. It takes a lot of growth (unless your unlikely) to attract the trickeration type of user.

[eluser]phybertek[/eluser]
I am not over thinking security.. The site voting will be based on the winner makes money. When there is money involved, you have to figure out how to stop cheaters, if not make it very hard for them to do so. When you release an Application to the public, you have to try to make sure you can prevent as much problems as you can. This is part of the design process. If you don't try to think about all of the problem, some smart person will.

I am only asking these questions, because I am trying to get the advice of smart people so that know all my options before I start really developing. Money automatically causes trickeration, by nature humans are greedy.

Regards,

-Phybertek

[eluser]marcoss[/eluser]
If money is involved, then you should seriously reconsider your approach of not-registered-users voting. Having your users registered and logged-in in order to vote, will let you be 100% sure that the same user is not voting more than x times per day/hour/etc.

[eluser]drewbee[/eluser]
Correct. If money is concerned you will have to do that. In fact I wouldn't recommend it any other way. Then you just have to go to the issue of keeping the same user registering multiple accounts. Another step to deter the process, but better then non-registered at all.

[eluser]phybertek[/eluser]
Ok, the site that this App is bing built for is very niche market. Getting lots of votes for something niche is hard. Also, having no-niche people to sign up for niche markets to vote for friends will create a lot of database trash.. but thank your the info.

-Phybertek

[eluser]webthink[/eluser]
You might consider hashing the useragent, and the IP. A real storm of votes from the same hashed IP/UA is suspicious. That, in conjunction with cookies, ought to be good enough. I suppose a captcha might help too, if you are worried about automated attacks.

[eluser]dmitrybelyakov[/eluser]
[quote author="webthink" date="1218328362"]You might consider hashing the useragent, and the IP. A real storm of votes from the same hashed IP/UA is suspicious. That, in conjunction with cookies, ought to be good enough. I suppose a captcha might help too, if you are worried about automated attacks.[/quote]

Hashing useragent and ip seems to be quite a good idea to me! Thanks for that! Time-locking ip might be a good idea too.

Cheers!