Subject:
|
Re: Elections and Membership in ldraw.org
|
Newsgroups:
|
lugnet.cad.dev.org.ldraw
|
Date:
|
Fri, 25 Apr 2003 16:54:33 GMT
|
Viewed:
|
1712 times
|
| |
|
|
In lugnet.cad.dev.org.ldraw, Dan Boger writes:
> On Fri, Apr 25, 2003 at 04:33:07PM +0000, Orion Pobursky wrote:
> > I think something Parts Tracker-like would do the job. You email the system
> > admin, he puts you in the system. This puts a human element into voter
> > registration instaed of some blind webbot. This also requires you to keep a
> > current Email address. Some spoofing is possible but the only way to
> > completely prevent voter fraud would be to require 'in person' registration
> > with a copy of a photograph, as you can see this is impossible.
>
> not sure I see where this is any better than requiring a valid email
> address? where valid means you actually have to get your password when
> it's mailed to that email. The problem is, that it's really easy to get
> many email accounts. Inventing a name to go with each isn't hard :/
>
> The real question is how much security do we want?
>
> On Fri, Apr 25, 2003 at 04:37:41PM +0000, Tim Courtney wrote:
> > Perhaps a voter confirmation email sent when a vote is cast, similar to how
> > LUGNET authenticates posts? So, voting could be done via the web, but in
> > order to confirm, you would also have to reply to an email.
>
> I think that's a bit of an overkill - since we can require an email
> address at registration time (password is emailed to you, you can't vote
> without it). Once we are sure that you are really reading that email
> address, sending out additional confirmation emails doesn't really buy
> us anything.
>
> Could require a valid credit card number, to be billed $0.01, but I'm
> not sure Paypal would appreciate us using their system this way...
>
> Not sure what other solutions are available to an online-only group.
Don't forget we don't need just ONE scheme. There can be several, and you
use the scheme you are most comfortable with as a prospective member.
For instance: (just a thought starter)
Could piggyback off something else... have a complex scheme that involves
mailing in things to somewhere to validate who you are or something OR you
give your LUGNET member number and avoid the scheme, because you already are
valid that way?
Assuming LUGNET antispoofing is sufficiently robust for us... it is, ne?
|
|
Message has 1 Reply:
 | | Re: Elections and Membership in ldraw.org
|
| (...) nod, good point. (...) well, while I do trust the Lugnet auth to insure that you can't post as me, I don't see how it verifies that I'm a real person, as opposed to a part of Jennifer's imagination... (...) I'm not as worried about people (...) (22 years ago, 25-Apr-03, to lugnet.cad.dev.org.ldraw)
|
Message is in Reply To:
| | Re: Elections and Membership in ldraw.org
|
| (...) not sure I see where this is any better than requiring a valid email address? where valid means you actually have to get your password when it's mailed to that email. The problem is, that it's really easy to get many email accounts. Inventing (...) (22 years ago, 25-Apr-03, to lugnet.cad.dev.org.ldraw)
|
74 Messages in This Thread:
   
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
