On Mon, Sep 11, 2006 at 06:44:14PM +1000, Nick Jenkins wrote:
Another option
is to use a formula similar to IMDB's, which I assume
has been arrived at due to some amount of research.
IMDB only count registered active users towards their "Top 250" .
search (which would be the equivalent of ignoring votes from anons) .
Maybe a good idea for things that you think people are likely to try .
and cheat on .
And this seems like a good time for me to make a point near and dear to
my heart:
Those who assert that the design of a system like this needn't be
secure, "since nothing is actually based on it [now]" need to read
RISKS a little more regularly.
If you *create* a system like this, people will eventually base things
on it -- that's sort of what it's *for* -- and therefore you need to
1) choose the safest set of assumptions for that sort of environment,
and b) document exactly what those assumptions are (by preference, in
the code that makes them) so that later users can make an informed
decision about exactly whether the code is reasonable for their use.
Cheers,
-- jra
--
Jay R. Ashworth jra(a)baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA
http://baylink.pitas.com +1 727 647 1274
"That's women for you; you divorce them, and 10 years later,
they stop having sex with you." -- Jennifer Crusie; _Fast_Women_