2

I am implementing a voting system and need some input from fellow programmers. Do you see anything that could go wrong by having users input a valid email and perhaps have a captcha to stop automated voting instead of a traditional login and vote?

2 Answers

2
  • How will you know the e-mail is valid? They get e-mailed a link and must follow it?
  • How do you know if a user has more than one e-mail address?
CashCow
  • I was going to make sure the domain existed by connecting to it. –  Feb 22 '11 at 16:14
  • What if they make up an address for a real domain? noemail@aol.com – Morons Feb 22 '11 at 16:20
  • There is also the VRFY verb you can use on mail servers, but I don't know if every mail service supports it. –  Feb 22 '11 at 16:22
  • Depending on the site/poll, users might also be hesitant to provide their email address just to vote in some throwaway poll, so you might limit the uptake. – Jake Feb 22 '11 at 16:23
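The "e-mailed a link they must follow" check raised in this answer, as an added example that is not code from the thread: the vote is counted only when a signed, expiring link is followed, which proves control of the mailbox in a way a domain lookup or VRFY cannot. `SECRET_KEY`, `TOKEN_TTL`, `Poll` and the function names are assumptions made for illustration, and the sketch does not stop one person from voting with several addresses they own.

```python
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: a random server-side secret in practice
TOKEN_TTL = 3600                      # assumption: link stays valid for one hour


def normalize(email):
    """Trim and lower-case so trivial variants count as one voter."""
    return email.strip().lower()


def _mac(poll_id, email, choice, expiry):
    # JSON list encoding keeps the field boundaries unambiguous.
    msg = json.dumps([poll_id, normalize(email), choice, expiry]).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_token(poll_id, email, choice, now=None):
    """Token for the e-mailed link; binds poll, address, choice and expiry."""
    expiry = int(time.time() if now is None else now) + TOKEN_TTL
    return f"{expiry}.{_mac(poll_id, email, choice, expiry)}"


def verify_token(poll_id, email, choice, token, now=None):
    try:
        expiry_str, mac = token.split(".", 1)
        expiry = int(expiry_str)
    except ValueError:
        return False  # malformed token
    expected = _mac(poll_id, email, choice, expiry)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False  # forged, or poll/address/choice was altered
    return (time.time() if now is None else now) <= expiry


class Poll:
    def __init__(self, poll_id):
        self.poll_id = poll_id
        self.voted = set()  # normalized addresses whose vote has been counted
        self.tally = {}

    def confirm_vote(self, email, choice, token, now=None):
        """Run when the link is followed; the vote counts only here."""
        if not verify_token(self.poll_id, email, choice, token, now):
            return "invalid"
        addr = normalize(email)
        if addr in self.voted:
            return "duplicate"
        self.voted.add(addr)
        self.tally[choice] = self.tally.get(choice, 0) + 1
        return "counted"
```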
0

It depends how important your voting system is. Does it matter if users can rig it a little bit?

How secure do you need it to be?

"Vote for the best album of 2011 so far" - it doesn't matter too much if people vote twice but "vote for the new president" and maybe it does.

If one user has multiple email addresses then simple email will fail - as a fairly average modern user I could - if I cared enough - vote five times with that arrangement.

As there is no solid way of guaranteeing user identity online, however, you are going to have to choose where to compromise based on the risk that rigged voting would entail.

glenatron
  • Well, there is monetary compensation involved, so I want it moderately secure. I was also thinking of using Facebook Connect. But not everyone uses Facebook, so that might limit my user base. I am expecting to have a large volume of votes, so maybe a few rigged votes won't be an issue. –  Feb 22 '11 at 16:19
  • 1
    I actually think something like Facebook Connect might work well for this, as it's probably one of the most universal sites and there are relatively few people with multiple Facebook personas, though it is far from impossible to create them. – glenatron Feb 22 '11 at 16:30