-
-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider replace IP restriction with another mechanism #11
Comments
Maybe have them sit on a landing page and complete a proof of work? https://github.com/indutny/proof-of-work |
Another mitigation strategy is to expire IPs in the database after X minutes. This will let people vote once per X minutes which is enough to mitigate voter fraud and also sufficient to avoid collisions (two people behind same IP voting within X minutes of each other). Not sure if DynamoDB supports this but I have implemented something similar in Redis since features key expirations. The proof-of-work concept is pretty cool too. |
DynamoDB supports it seems https://aws.amazon.com/about-aws/whats-new/2017/02/amazon-dynamodb-now-supports-automatic-item-expiration-with-time-to-live-ttl/ This will also keep the number of records to a minimum since you won't have to store millions of IP addresses. |
ahh I'm storing in a set right now, in the poll's doc, but could create a second doc for the ip set which expires as a whole |
IPv4 addresses are almost over, so a lot of ISPs provide a single IP to multiple users (NAT).
One possible and simple user validation could be a Github user account.
The text was updated successfully, but these errors were encountered: