一个简单的投票系统:如何防止重复投票 [英] A simple voting system: how to prevent duplicate votes
问题描述
我的网络应用程序正在利用JavaScript和firebase加载所有被投票的对象。我将强制用户登录并存储IP地址,用户名等。
问题:
- 这是从一开始就使用JavaScript从根本上有缺陷?我发现编写一个只改变数值和重新投票的脚本有很大的潜力。 (也许我可以验证前端数据是正确的,用户是否存在ajax调用?)
- 我的应用程序成功的失败机会这是太多了前端计算?
编辑:
对不起,我遗漏了关键的事实,我有一个更大的后端系统(WordPress),处理身份验证。我正在开发的应用程序在很大程度上是独立于WordPress的。我只是拉扯一些用户信息进行过滤。我选择Firebase作为其实时功能的存储解决方案。
我希望通过以下几种方法来打击选民欺诈:
- 低奖励$ 100 / month给出。
- 登录不是一个妥协,我实际上希望用户注册和验证与人眼有资格投票。其他人可以见证比赛,但不能投票。
- 服务器端检查。如果我的应用程序获得普及,我可以编写脚本来监视投票模式的违规行为?如果有人滥用这个系统,我会禁用他们的胜利。
可以安全地做到这一点客户端。但是,正如其他人所指出的,它确实需要用户登录。如果您已经在使用Firebase,那么使用 FirebaseAuthClient 实现起来非常简单。
然后,您可以将其与 Firebase安全规则来强制任何登录的用户只能投票一次。
您的安全规则可能如下所示:
<$ p $ {
rules:{
users:{
$ userid:{
voted_on:{
$ articleid:{
.write:!data.exists()
}
}
}
}
}
$ b $ p
$ b
这可以确保你可以给/ users / anant / voted_on / article1写入任何给定的值恰好一次。您可以添加一个 .validate 规则来确保这个值是一个布尔值(或其他)。
I'm building a simple web app with an up-vote option. I plan on offering cash rewards for the most up-voted so I want a relatively secure system. I have a couple questions about conception. I know that my post is similar to a few others but none seem to be specific enough to the platform to put my mind at ease.
My web app is utilizing javascript and firebase for loading all of the objects that are being voted on. I'm going to force a user to be logged in and store IP addresses, user IDs etc.
Questions:
- Is this fundamentally flawed from the start for using javascript? I see a large potential for writing a script that just changes values and re-votes. (maybe I can verify the front end data is correct and that the user exists with an ajax call?)
- With the off-beat chance my app becomes successful Is this going to be too much front end computing?
Edit: I'm sorry, but I left out the key fact that I do have a larger back end system(WordPress) that handles authentication. The app I'm working on is largely independent from wordpress. I'm simply pulling some user information for filtering purposes. I chose Firebase as a storage solution for its real-time features.
I'm hoping to combat voter fraud with a few methods:
- low rewards $100/month given away.
- being logged in isn't a compromise, I actually want users to be registered and verified with human eyes to be eligible to vote. Others can witness the contest but cannot vote.
- server-side checks. If my app gains popularity I can write scripts to monitor voting patterns for irregularities? if someone is abusing the system, I disable their ability to win.
It is certainly possible to do this securely client-side. However, as noted by others, it does require users to login. If you're already using Firebase, this is actually pretty easy to implement using the FirebaseAuthClient.
You can then couple this with Firebase security rules to enforce that any logged in user can only upvote once. Check out the screencast on the security page for an example!
Your security rules might look like:
{
"rules": {
"users:" {
"$userid": {
"voted_on": {
"$articleid": {
".write": "!data.exists()"
}
}
}
}
}
}
This ensures that you can write any given value to /users/anant/voted_on/article1 exactly once. You can add a .validate rule to ensure that the value is a boolean (or something else).
这篇关于一个简单的投票系统:如何防止重复投票的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
