|
Helping ordinary people create extraordinary websites! |
Build a Perl/CGI Voting SystemBy Allan Peda2005-07-05
Details: Not-so-secret ballots The call to the $castBallot->dumpHTMLentrys() method would echo back a detailed accounting of who voted for whom. In practice I would comment this call out, scheduling the Web server to be shut down when elections were over by using the Linux at batch command. With the server off, you can uncomment this section and restart with the Web server temporarily set to listen only on the localhost address. The full results would be then be echoed back to anyone clicking on a previously submitted link, which can be collected through a copy sent to a dedicated free e-mail account. Notice that ballots are not tallied twice in this example. These results are hidden using a short JavaScript function in case it was decided to make them discreetly available to everyone in an unobtrusive manner. Admittedly some people would prefer totally anonymous voting, but since club elections are often done as a show of hands, that hardly constitutes a secret ballot.
GET-based verification link and the use of unencrypted verification links made it a trivial exercise to read these links and construct a false confirmation ballot based on a specific e-mail address and some known verification links. In order to discourage this, while still allowing the easy debugging via unencrypted links, I decided to add one more twist to the verification process: adding a unique identifier to each draft ballot. This identifier was based on the operating system process identifier (PID) of the executing script. This was combined with a random number in order to make it difficult to predict the URL to validate a draft ballot. I was concerned about this because a malicious individual might be able to deconstruct the very visible URL patterns in order to create false confirmation ballots. This is the one part of the code that would not translate directly to a In hindsight, I realize that the best way to obfuscate this link would be to use an MD5-generated hash value, effectively hiding all voter information. This would have the dual benefit of being pretty tough to forge, while remaining portable to Tutorial Pages: » Using locked DBM files with CGI-driven forms saves client data without DBMS overkill » CGI considerations: Simplicity vs. complexity » Functional design considerations » Details: Hash keys » Details: E-mail gotchas » Details: Not-so-secret ballots » Details: File layout » Details: Static vs. dynamic DNS » Details: Is GET harmful? » Other possible improvements » Conclusion » Resources First published by IBM DeveloperWorks
|
|