Voting checks IP!!

Since the voting node checks the IP, if two users are accessing the net thru the same proxy - only one will be able to vote.

I suggest that for every loggedin user we can track the username to check whether he has voted or not, and if the user is not logged in then we can use the IP. Using the IP is still not a good idea as in a dial up line the IP changes everytime u dial in.

Better to use something else (But what?)

Comment on Voting checks IP!!

Replies are listed 'Best First'.
Re: Voting checks IP!! by Nitsuj (Hermit) on Sep 29, 2001 at 21:24 UTC
I don't think that this is how it works. There is a limit to the number of cookies you can rely on a single computer to be able to store, but this would not become an issue unless there are a WHOLE lot of computers behind a single gateway all simultaneously accessing perlmonks, and that these cookies are stored hashed by IP, with perlmonks noting the number of cookies assigned to a single IP and cutting it off when it's hit the magic number (6 I think, though that seems an odd number since it isn't a power of 2) (also unlikely, dialup users do not keep the same IP, as you noted.) Though you might have to resign in or something, still, MANY computers, simultaneously. The voting nodelet would be tied to your userid in any sane system (and I assume that this is what was done). IPs are too dynamic for most users to rely on, as has been said before, this site has been around since the time that just about everyone was on dialup. Also, cookies expire, as soon as a user reset their cookies, which would allow them to vote again, which isn't a good thing. People would REALLY cheese on the XP if our only way of hashing votes was against the cookie. Your presence on the site is detected through the use of cookies, which is the only way to do this because of the nature of the HTTP protocol. The IPs are relatively meaningless because HTTP is transmitted via both UDP and TCP, and should be considered connectionless. The votes are hashed against a userid (or should be), because this can be considered permanent and to be a good primary key. Of course, I hope I answered your question, it certainly was a good one as many people don't understand exactly what is going on with such systems. UPDATE!! Holy smokes. Sorry about that, I thought that you were talking about voting on individual nodes, as in the Voting/XP system. Yeah, the voting booth is apparently implemented quite differently... I could stack the vote there with little difficulty. I can see how that would be a difficulty behind a proxy/gateway if there were multiple users of perlmonks behind it! Just Another Perl Backpacker	[reply]
Re: Voting checks IP!! by blakem (Monsignor) on Sep 29, 2001 at 16:31 UTC
I don't think the rep votes are keyed by IP address. If you view the HTML source, you can see a new field named 'vc' in each of the rep voting boxes. I'm going to go out on a limb and guess that 'vc' stands for vote checksum.... It appears that each ballot is being tagged specifically for a user, and if another user attempts to use it, they get flagged -5 points. Update: I was refering to rep voting on nodes, not the polls. Rereading the original question, I see that it was probably about the polls (especially since the poster doesn't have enough XP yet to have even seen a rep vote ballot)... I tweaked a phrase or two to make that more clear. -Blake	[reply]
(tye)Re: Voting checks IP!! by tye (Sage) on Sep 30, 2001 at 03:13 UTC
( Update: Note, I am talking about voting on polls and not about voting on nodes. I think that is what the original noder was talking about but I think at least one of the replies is talking about voting on nodes. ) A few people have said that voting isn't checking IP addresses. Well, if it isn't, then it sure has a strange way of not doing it. I can vote on a poll twice using the same login so long as I do it from different IP addresses (and no, voting doesn't set a cookie, I have prompting for that turned on). If I try to vote twice from the same computer, even when using different logins and different browsers (which don't share cookies), I'm told "You have already voted from that IP (194.246.18.106)" (IP address changed to implicate the innocent). A reasonable enhancement would be to allow each logged-in user to vote once for each poll no matter what IP address is used and to allow AnonyMonk to vote only from an IP address that hasn't already been used. But that means that the average person that has only one login and one IP address will now be able to vote twice so long as they vote anonymously first. So I actually find the current situation a bit more satisfactory in at least some ways (especially since it is already convincing several people that it isn't checking IP address) so I don't really see much point in spending development time on something so minor. YMMV. (: - tye (but my friends call me "Tye")	[reply]
Re: Voting checks IP!! by Zecho (Hermit) on Sep 29, 2001 at 16:29 UTC
>and if the user is not logged in then we can use the IP How do you vote if you're not logged in? >Better to use something else (But what?) Anyone know how to get the mac-address with perl? Other than that, the ip is about the only way that I can come up with to confirm that the votes are not coming from the same place. Checking cookies would obviously not help, unless one is set for every vote cast, and then it's still not a secure system.	[reply]
Re: Re: Voting checks IP!! by jepri (Parson) on Sep 29, 2001 at 20:39 UTC
MAC addresses never make it past the first router. ____________________ Jeremy I didn't believe in evil until I dated it.	[reply]
A reply falls below the community's threshold of quality. You may see it by logging in.

Back to Perl Monks Discussion