[RESOLVED] a tamper-proof voting system, is it possible ?

steamPunk

A client has asked me about the feasibility of making a tamper-proof voting system where proof could be given to outside observers that the site developers and administrators have not interfered with the vote totals.

basically, the idea is that site users can vote on different issues but it's very important that the site is seen to be objective and above any suspicion of fraud.

do you think that it's possible to do this ?

I initially thought of setting up and testing the system, then having a third party change the MySQL password and updating the php include that contains the SQL connection info - but then i thought that they would also need to be able to check the code to ensure that i haven't hidden a vote-boosting function that would be activated by a GET variable ....

does anyone know of a different way of approaching the problem ?

maybe some kind of log that would prove that all updates or inserts are carried out by different people ...

thanks for any ideas you may be able to give

Weedpacket

Just observing that not even Diebold (or whatever they call themselves these days) have managed to do this, but that hasn't stop them with being entrusted to manufacture the voting machines for U.S. presidential elections.

steamPunk

lol - good point

NogDog

I think the best you could do is require that each voter register, allowing only one registration per email address, using some sort of email link to verify each registration. Then each item voted on would allow only one vote per registered account. This does not make it tamper proof, and I'm not sure how you could prove that you did not programmatically "stuff the ballot box", but at least you would limit the ability/ease for web users to do so.

steamPunk

yes - i'd kind of reached the same conclusion whilst mulling over this problem - so thanks for your replies chaps and i will hereby close this thread