Skip to content

Client-Side Protections for Raffle Submissions #6

Description

@erthium

We need take precautions not to let anyone submit more than once to any raffle.

The things we discussed and might implement on the client side:


Cookies: We can store cookies for every submitted raffle id, so if the user can try to enter the page again, they will be redirected to a page that says Your submission has been sent. Cookies can be easily deleted so this is only to prevent a regular user, any automation process can bypass this one.

Google reCAPTCHA: We can use captcha to prevent automatic submissions.

Personal Information Entry: We can have unique fields for the submission form so the users cannot enter the same email address or phone number twice. Then we can inform the users/organisers to get personal info like this and check data integrity of the winner. We can only provide unique questions fields for this one.

IP detection is also possible but it can be discussed on the backend api-winnerduck repository.

Metadata

Metadata

Assignees

No one assigned

    Labels

    p2Quite importantsecurity(paranoid noises)

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions