I am wondering what are the technical hurdles involved with offering a voting system (or say ratings) without requiring the user to sign in. I know there are issues with robots, voting a bunch - but what if you keep the users IP address? Do proxies become an issue?
I'd like to build a public voting system that is still reliable.. is that possible right now?
EDIT The stakes are moderately high for correctness, that is human-verification, and one-vote-per-user. A full-fledged login will ask too much of the user given his role (voter)
Also, if this is "impossible" to accomplish, how can you detect vote fraud after the fact? Could wikipedia's model work here?
Thanks, Matt Mueller
As you said, you'll need to handle robot behavior.
If you log an IP address, you'll have problems with corporate users which usually stay behind a proxy, so everyone seems to have same IP.
Maybe you should to display some CAPTCHA image to validate human votes. Can't be that hard for users, since it's suppose to vote only once.
EDIT: How to enforce one vote per user?
You can:
- Ask for a valid email and send a link to vote
- To log your user in and let it vote
- Let user vote and save a cookie
- Let user vote and ban user IP
All this options have a weakness, so you'll never be sure.
To handle this problem "definitely", you'll probably need to bind their virtual identity with their real identity. This can be done by asking for personal information and keeping it. But that brings a whole new problem set.
First of all, be sure the voting uses POST to prevent robots and pre-caching clients to cause a vote.
Restricting IP addresses will cause problems with dynamic IP ranges, proxies and people sharing a connection, so I wouldn't go this way. Most of those systems remember that a user a voted using a cookie, but this can of course easily be tricked by deleting the cookie or just using a different browser.
来源:https://stackoverflow.com/questions/1897434/what-are-the-implications-of-offering-a-public-voting-system-no-sign-in-require