Let's say I want to open a simple, simple poll which could b开发者_JAVA技巧e hand-made via PHP. There are only two options. Option A or Option B. Without telling people to register, what is the most secure way to deter cheating?
If possible, I would like to use MySQL to store the data such as the votes. I am not asking for code, I am asking for ways on what I should do.
I say no registering because it puts people off just for a simple vote...
Thank you and have a good day.
There is no "good" way, let alone a "secure" way. Store their IP address, and don't allow additional votes from that IP. People behind NAT get screwed, but it's really the only thing you can do.
Alternatives include sending them a cookie which prevents them from voting twice, but that is trivially circumvented by even the most tech-unsavvy user.
Give each voter an ever cookie. It's sneaky as all hell, and some people take issue with them, but if you want a fairly good guarantee this is probably it.
Defence in depth. Store as much identifying information as you can.
Store IP address, browser agent, host address, host name ... everything you like the look of, in your MySQL table. If ALL of these match, then it's someone trying to dupe.
Set a cookie to stop them voting. If this exists, they're trying to dupe.
Set a flash cookie to stop them voting (entirely different to normal cookies, get Googling :P) If this exists, they're trying to dupe.
Plus anything else you can think of. There will always be ways to get around it, of course, as it's always extremely hard to say "yes, that almost untraceable request came from that person", but it's more about making it a MASSIVE pain in the ass to beat the system with something like this.
IP is the way to go without registration. You could also get and check against the useragent in addition to the IP address, this might allow for a few more people who are using different computer configurations from the same IP address. Good luck.
精彩评论