Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number

Re^2: proposition for Voting system

by spx2 (Deacon)
on Jun 21, 2008 at 16:59 UTC ( #693286=note: print w/replies, xml ) Need Help??

in reply to Re: proposition for Voting system
in thread proposition for Voting system

I'm not aware of any way that a js like this could be cheated ...
Are you ?

Replies are listed 'Best First'.
Re^3: proposition for Voting system
by psini (Deacon) on Jun 21, 2008 at 17:17 UTC

    Ignoring it.

    If you put in the page a js that detect the time interval between get and post, it must pass its result as a post parameter.

    If I decide to cheat, I can make a post setting the value to anything I like.

    You can use javascript, cookies, anything you want but in the end the server sees only what I pass it in the post...

    This is the fundamental reason against the use of client-side only validation of data: one can always bypass them.

    A working strategy could be to assign (server-side) an unique identifier to every get of every page, store it in a db along with a timestamp, and compute the interval (server-side) between the post time and the get stored timestamp. This is certainly possible, but would be an enormous overhead

    And, last but not least, cui prodest?

    Update: bootnote: I don't think that the idea in itself is good: most of my (few) downvotes are to badly formatted and incomprehensible questions. You don't need (and don't want to spend) much time to decide that a question saying "HELP!!! MY PROGRAM DOESN'T WORK!!!!!" doesn't deserve an answer...

    Careful with that hash Eugene.

      Please send the codez :-D

      holli, /regexed monk/
      A reply falls below the community's threshold of quality. You may see it by logging in.
Re^3: proposition for Voting system
by moritz (Cardinal) on Jun 24, 2008 at 10:38 UTC
    In principle you can't rely on anything that comes from the client. A javascript is useless in such a context unless it sends something to the server. That can easily be intercepted or modified.

    There are a myriad of other possibilities to manipulate javscript - for example you can override some behaviour with costum js (via greaksmonkey), automatically patch it on downloading, fiddling with the js interpreter etc.

    Remeber, perlmonks is regularly used by geeks who know very well how to deal with web technology. Just because you can't cheat something doesn't mean it can't be cheated at all.

Re^3: proposition for Voting system
by bart (Canon) on May 13, 2009 at 20:25 UTC
    I'm not aware of any way that a js like this could be cheated ...
    One word: Firebug.

    And what will you do with people who disable Javascript?

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://693286]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (6)
As of 2018-09-23 08:02 GMT
Find Nodes?
    Voting Booth?
    Eventually, "covfefe" will come to mean:

    Results (190 votes). Check out past polls.

    • (Sep 10, 2018 at 22:53 UTC) Welcome new users!