On Mon, Sep 11, 2006 at 06:44:14PM +1000, Nick Jenkins wrote:
Another option is to use a formula similar to IMDB's, which I assume has been arrived at due to some amount of research.
IMDB only count registered active users towards their "Top 250" search (which would be the equivalent of ignoring votes from anons). Maybe a good idea for things that you think people are likely to try and cheat on.
And this seems like a good time for me to make a point near and dear to my heart:
Those who assert that the design of a system like this needn't be secure, "since nothing is actually based on it [now]" need to read RISKS a little more regularly.
If you *create* a system like this, people will eventually base things on it -- that's sort of what it's *for* -- and therefore you need to 1) choose the safest set of assumptions for that sort of environment, and b) document exactly what those assumptions are (by preference, in the code that makes them) so that later users can make an informed decision about exactly whether the code is reasonable for their use.
Cheers, -- jra