Zend PHP5 Contest Voting System Broken
Posted: Fri Sep 24, 2004 11:53 am
The coding portion may be over, but it seems the battle to take over
the #1 position has just begun.
Those who have spent many eye-straining hours in front of their
computers will surely appreciate the irony of being able to cheat the
voting system on the very site that hosts the "Top 21 PHP Programming
Mistakes" (part 1, part 2, part 3).
*hint*
Perhaps the better contest would have been to write a
contest voting system that is secure?
*hint*
Not only can a user
vote for their own code while logged in as themselves (morally
unethical), you can also cheat the system by simply modifying a url a
little bit.
https://www.zend.com/php5/contest/rate. ... ng=5&</PRE>
I should also mention that zend has been made well aware of this
problem yet has basically told the people to buzz off when they were
telling them they need to fix this.
In my opinion this is a really crappy system!
One more thing you can do it set the rating to 1 and drop everyone
else from the top 10
*Note*: - yesterday we had all .geek users in the top 1-8
So, I raise my cup of java and offer this hearty cheers - "Here's to
better coding... and better voting systems!"
the #1 position has just begun.
Those who have spent many eye-straining hours in front of their
computers will surely appreciate the irony of being able to cheat the
voting system on the very site that hosts the "Top 21 PHP Programming
Mistakes" (part 1, part 2, part 3).
*hint*
Perhaps the better contest would have been to write a
contest voting system that is secure?
*hint*
Not only can a user
vote for their own code while logged in as themselves (morally
unethical), you can also cheat the system by simply modifying a url a
little bit.
https://www.zend.com/php5/contest/rate. ... ng=5&</PRE>
I should also mention that zend has been made well aware of this
problem yet has basically told the people to buzz off when they were
telling them they need to fix this.
In my opinion this is a really crappy system!
One more thing you can do it set the rating to 1 and drop everyone
else from the top 10
*Note*: - yesterday we had all .geek users in the top 1-8
So, I raise my cup of java and offer this hearty cheers - "Here's to
better coding... and better voting systems!"