Hi i am thinking of creating an online voting system for my final year project. Do you guys think its a good idea
Hi i am thinking of creating an online voting system for my final year project. Do you guys think its a good idea
Wrong forum by a mile.
And final year of what? Alevel degree?
Degree, maybe if you can get all the hosting sorted.
Alevel, forget it
what kind of voting system?
how big?
i assume its not just going to count the posts and display the results - I mean that would be abit simple and is alevel stuff
so i assume its going to be complex, can you tell us more?
This does sound interesting ...
Some points that you may like to concider are:
- how to prevent users from submitting multiple votes under different aliases
- how the data is displayed, if this is a degree project maybe concider looking at flash or svg to present the data in multiple graph formats (pie, bar etc)
- security against the data being hacked at a database level, using stored procedures etc
As for hosting, this wouldn't be a problem as if it's a school/collage/uni project surely it can be hosted locally without the need to buy hosting?
As has been said before, some more detail as in the level of study you are at, what the voting system is to be used for, timescale you have to work to etc ...?
and in my experience, hard (hand) coding everything and avoiding frontpage (ugh!) etc will gain you marks, but make sure you understand all the code (code comments will definatly help you if put on the spot) so if asked you don't look like you copied it from the internet![]()
I dont know how many unis have proper hosting though, https, php, sql etc. although you really wouldnt want to be using php since you need to store the passwords in plain text somewhere.Originally Posted by Jon E
why would php require plain txt passwords? I dont think it would.
If you are doing this at uni then chances are its for a computing related degree....most unis have servers with all the gubbins on or will let you install it/set your own one up.
Twigman
As far as i know the only way to connect to a database (admittedly i only used mysql) in php is by having plaintext strings sat around somewhere, although i may be wrong.Originally Posted by Twigman
The same goes for all languages...It's just a matter of securing the files that contain the DB credentials.Originally Posted by herulach
"All our beliefs are being challenged now, and rightfully so, they're stupid." - Bill Hicks
You don't have to use username and passwords, Network Authentication is an option, and as for a final year project i think its a great idea.
Lots of stuff to write about, talk about a lot of encryption, how to validate users, how to prevent fraud.
There are loads of angles you can look at this at.
Public Web site is not the only angle. Consider things like activeX type controls to the voters machine, (discuss things like rootkits to prevent voting twice? - see main General discussion forum for a really interesting thread on it)
Logging IP enough?, working with ISP's to help secure it.
Sounds like a great idea for degree to me. Best to run some of these ideas via your tutors etc too i'd guess.
TiG
-- Hexus Meets Rock! --
nope, u use an algorithm like md5.Originally Posted by herulach
u encrpyt a ppassword...compare it to encrypted version of password in database. if they match u log in, if not u dont.
no plain strings anywhere
I see what youre saying, but theres 2 problems, 1 you need access to the databse to do that, hence have to put a password somewhere or someone can just connect and pull the hash straight out. Second, md5 is such a poor crypto algorithm it would be trival just to brute force it.Originally Posted by Davos
1. if you think inputting your password into a php script to connect to mysql is not secure, then you must be rather paranoid. that password never leaves the internal server, and unless somebody hacks the server, it is safe. and for arguments sake, if somebody did hack the server, that password would be the last thingto worry about.
2. md5 is the standard for anything other than an internet bank. it is not poor, and can not be brute force guessed, but i invite you to try it anyway. PM me if you want access to a login form
im not a php guru, but i can understand that what you said isnt really backed up
Its all relative though, i assume if its online voting the op means elections, which should be at least as secure as a bank, if not more so. And also there are ways of getting the php off teh server without it being parsed, in which case you have the password and you can do whatever the hell you like to it.Originally Posted by Davos
herulach, you're misguiding a lot of people here, please stick to areas where you know the facts.
md5 is not a poor crypto algorithm by any stretch of the imagination. It is highly secure and was only recently cracked and even then the method of cracking it would require a supercomputer of the sort only really available to large organisations such as the FBI.
If your server is set up properly there is no way to get the PHP off it without having network or physical access to the box and as someone else pointed out if you get such access then someone having access to your database password is the least of your worries.
I'm i recall md5 being cracked quite easily, although i freely admit im not a massive crypto geek (just a bit of one) and could quite easily be getting confused.Originally Posted by Iain
The thing about getting php off the server stems back to when i first learnt it. Although thinking about it you could just put it outside your htdocs, in which case a youd only be vulnerable to exploits in apache/IIS.
Edit: googling reveals i misunderstood the attack on it, it appears to only be vulnerable if you can get a copy of the original message. LInk
THinking about it further probable the best way to go about it is some kind of public key encryption. Send key pairs to your voters in some fashion (would obviously need to be more secure than post, but you dont need to worry about it, then use that to verify whos who, you dont need to worry about people voting twice then either.
Edit of the Edit: Excellent idea, say you envisage the key pair being stored on the chip on the new national ID card, and have a reader for said card in your voting box.
Last edited by herulach; 08-11-2005 at 11:44 PM.
Hi Everyone
I am planning to make the online voting system secure, and its a final year university project. Any other ideas you might have will be highly appreciated.
There are currently 1 users browsing this thread. (0 members and 1 guests)