Hi all, I'm writing a script to allow users to vote on news articles, and I'm unsure how to go about securing the vote button from double voting, or other's voting in other's names.
the script is simple at the moment, it simply passes the article id and user id's to in an ajax call, and then the article is promoted. But, This certainly can't be secure as it would seem to me that someone could find a way of changing the user id, so the vote would count in another's name. I've noticed that **** and pligg both are passing md5 hash's around in the ajax calls, but as to how this is being used to secure the voting process is beyond me.
I'll continue to ponder this, but any info or advice would be well appreciated.