Site Bug: I Also Have This Question
Author | Message |
---|---|
Atangel Joined: 14 May 99 Posts: 61 Credit: 1,024,161 RAC: 0 |
Seems like the right place for a web site bug. I can click my own "I Also Asked This Question" button and increment the counter. Seems vaguely profane, but people could alter their own post's stats. Edit: I did a POC with this post (and found the bug in another, by accident). Asked 5 times already? In fact, I did ask 5 times, but I don't think anybody else did |
Nemequor Joined: 29 Aug 02 Posts: 32 Credit: 1,013,570 RAC: 1 |
I don't think that this is actually a bug in the site. Making sure that the same people don't click on that button more than once and similar things is easy to do, but not very effective. There are only a number of ways in which such user control is possible, and usually those are cookies (which hold information about you clicking on the button), but this is easy to bypass by deleting the cookies. Another way is to keep the IP address of the user in a database on the servers and then check if the user is the same as before, but as you may know, most people have dynamic IP addresses (the address changes from time to time), so this is not too effective either, not to mention the workload it would put on a database server because of the number of users on this site. One other commonly used user control method is creating "sessions" for every user, but this is easy to bypass too, simply by closing the browser or being idle for a while so that the session times out. Indefinite timeout is just not practical, especially if the computer the session is attached to is a public computer or similar, in which case everyone using that computer would continue to use the same session, thus having full access to everything the session controls (or has access to). I'd imagine this is what the users don't generally want. There might be other ways that I'm not aware of though :) regards --J |
Atangel Joined: 14 May 99 Posts: 61 Credit: 1,024,161 RAC: 0 |
Don't need anything fancy, you need to be signed on as "you" to post as "you" so don't allow the poster to see/click his own button. Actually, can people NOT signed on even see the button? Edit: typo. |
Nemequor Joined: 29 Aug 02 Posts: 32 Credit: 1,013,570 RAC: 1 |
> Don't need anything fancy, you need to be signed on as "you" to post as "you" > so don't allow the poster to see/click his own button. Doesn't change the limitations/problems of the methods anywhere, which is what I tried to explain in my earlier post. > Actually, can people NOT signed on even see the button? Yes they can, unless I made a wrong turn somewhere between logging out, restarting the browser, and returning here just to see if the button would still be there. --J |
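The restriction suggested in the thread (count a click only for a signed-in account that is not the post's author, at most once per account) sketched as an added example. This is not the site's code; the table, column and function names are hypothetical, and the ids in `demo()` are constructed sample data.

```python
import sqlite3

SCHEMA = """
CREATE TABLE posts (id INTEGER PRIMARY KEY, author_id INTEGER NOT NULL);
CREATE TABLE also_asked (
    post_id INTEGER NOT NULL REFERENCES posts(id),
    user_id INTEGER NOT NULL,
    PRIMARY KEY (post_id, user_id)  -- one counted click per account per post
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def count(db, post_id):
    # The counter is derived from stored rows, never incremented blindly.
    sql = "SELECT COUNT(*) FROM also_asked WHERE post_id = ?"
    return db.execute(sql, (post_id,)).fetchone()[0]

def also_asked(db, post_id, user_id):
    """Handle one button click and return (status, counter).
    user_id is the account id taken from server-side login state
    (assumption), or None when the request is not signed in."""
    row = db.execute("SELECT author_id FROM posts WHERE id = ?",
                     (post_id,)).fetchone()
    if row is None:
        return "no_such_post", 0
    if user_id is None:
        return "login_required", count(db, post_id)
    if row[0] == user_id:
        return "own_post", count(db, post_id)  # author cannot vote on own post
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO also_asked (post_id, user_id) VALUES (?, ?)",
                       (post_id, user_id))
        status = "counted"
    except sqlite3.IntegrityError:  # primary key hit: account already counted
        status = "already_counted"
    return status, count(db, post_id)

def demo():
    db = open_db()
    db.execute("INSERT INTO posts (id, author_id) VALUES (1, 61)")  # constructed
    db.commit()
    # Author twice, anonymous once, account 32 twice, account 7 once.
    return [also_asked(db, 1, u) for u in (61, 61, None, 32, 32, 7)]

if __name__ == "__main__":
    print(demo())
```

Because the check is keyed on the account rather than on a cookie, IP address or session, clearing cookies or letting a session expire does not reset it; it only limits each account to one counted click.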
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.