Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 73E55C90A for ; Tue, 29 May 2012 06:29:34 +0000 (UTC) Received: (qmail 74655 invoked by uid 500); 29 May 2012 06:29:33 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 74136 invoked by uid 500); 29 May 2012 06:29:32 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 74098 invoked by uid 99); 29 May 2012 06:29:31 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 May 2012 06:29:31 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of jens@couchbase.com designates 206.225.164.32 as permitted sender) Received: from [206.225.164.32] (HELO EXHUB020-5.exch020.serverdata.net) (206.225.164.32) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 May 2012 06:29:23 +0000 Received: from EXVMBX020-1.exch020.serverdata.net ([169.254.4.239]) by EXHUB020-5.exch020.serverdata.net ([206.225.164.32]) with mapi; Mon, 28 May 2012 23:29:00 -0700 From: Jens Alfke To: "user@couchdb.apache.org" Date: Mon, 28 May 2012 23:28:59 -0700 Subject: Re: Request object in validate_doc_update Thread-Topic: Request object in validate_doc_update Thread-Index: Ac09ZFURFsl7v1QfSTGRQwMUEiAJyQ== Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary="_000_CB5DB94A82474B0BA92B54EA1CC9C4CCcouchbasecom_" MIME-Version: 1.0 --_000_CB5DB94A82474B0BA92B54EA1CC9C4CCcouchbasecom_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable On May 28, 2012, at 2:26 PM, Luca Matteis wrote: contained in the request), so why not give the IP address of the request as well? This would allow the creation of even more powerful Couchapps. The IP address is not very useful for what you're trying to do. Given the p= revalence of NAT (even by ISPs and cell carriers), multiple different users= can appear to be at the same IP address; and given dynamic addressing and = mobile devices, a single user can appear at multiple IP addresses over time= . In other words, if you do this it will offend some of your users who will b= e accused unfairly of cheating simply because they're behind a NAT, and it'= ll still be pretty easy for people to hack around by just voting from home,= from work, and from a cafe. Basically any system with disposable easily-created anonymous accounts will= run into issues like these. There isn't any way around them without making= the accounts stickier. But that's off-topic for this list. =97Jens --_000_CB5DB94A82474B0BA92B54EA1CC9C4CCcouchbasecom_--