@dullbananas@lemmy.ca does the design hold up?
Comment on Private voting has been added to PieFed
sabreW4K3@lazysoci.al 5 months ago
So I’ve been thinking about this and I would go for a different approach.
Admins can set voting to be public or private on a server wide level.
When users vote, a key is created as the userid
The votes table is essentially: voteid, postid, userid, timestamp, salt, public
If the vote is private, userid is salt(userid, password)
And it’s that simple.
sabreW4K3@lazysoci.al 5 months ago
dullbananas@lemmy.ca 5 months ago
This might work well with a separate per-user random secret value instead of the password.
Overall the vote privacy issue is a tough dilemma for me.
lazynooblet@lazysoci.al 5 months ago
With the user id being salted it’s going to be different every time. This means it’ll be difficult if not impossible to monitor voting trends or abuse.
Also how would you use the password unless it was stored in the clear. If it’s based on a pre-salted tuple, how does one handle password changes?
sabreW4K3@lazysoci.al 5 months ago
Dammit! Okay, cancel the salt idea. How about just a simple md5() and then it should remain a static value right?
kudos@lemmy.ml 5 months ago
Let me change my password real quick…
sabreW4K3@lazysoci.al 5 months ago
Just add a function so when you change your profile, it also pulls all records that match md5(userid, password) and then update them records too.
Though I’m convinced the overarching logic is correct, this is not my wheelhouse, so I’m probably wrong.