January 30, 2006
Surveys Not Requiring Authentication are Meaningless
I stumbled upon the Share the Vision Poll today. As always, it is a politcally-charged question. This poll requires no authentication. So, after firing up the HTTP Headers extension for Firefox, I had my suspicious confirmed. Cookies are used to keep track of form submissions. So, after deleting all the cookies from studentaffairs.case.edu, I proceeded to take the survey multiple times.
Now, to the software's credit, it does have some hidden form elements that match a page request to the submission. So, if you want to hack the form submission process, you have to parse these values out of the HTML. Big deal. An extra 5 minutes of work. Still, enough to stop me from writing a cron script to submit my vote multiple times.
Anyway, because of this, the poll is worthless. You need something that requires you to log in and internally it keeps track whether YOU have taken the poll. I am liking the USG Survey System more and more. I can't wait to get it deployed at the university level...
Trackback
You can ping this entry by using http://blog.case.edu/gps10/mt-tb.cgi/5571 .