Comments (3)
It seems to me that there is no theoretical security problem with what you propose.
However, Human Factor and UX come into play, and we must be careful before making such a change.
In the present email, it is kind of obvious that the message contains personal security data. The code is made very visible.
Hiding this personal information in a link might cause situations where the voter does not realize that this is a personal link and forwards the email to a friend/colleague who asks "Do you know where the link for voting is?"
This is the only security risk I can think of, and this does not mean that this is a no-go, but still calls for carefulness.
from belenios.
I've implemented the feature for the election homepage (via #c=123-456-789-abc-deN) and both booths (via #credential=123-456-789-abc-deN). The election homepage automatically forwards the credential to the booth, if present. So, (with the next release), credential authorities will be free to send direct links. For now, emails sent in automatic mode do not (we need to work on the wording).
from belenios.
Thank you @glondu. This truly looks great. However, I also understand the concerns raised by @pgaudry. The problem with users (accidentally) sharing their personal voting information with others exists in the current mode as well. Maybe we can make the whole thing optional. (Either through the interface or only for manual mode with the separate credential authority).
from belenios.
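The hand-off described in the thread (homepage fragment #c=... forwarded to the booth as #credential=...), as an added example that is not Belenios code and not part of any comment. The host, paths and function names are assumptions; only the two fragment keys and the sample credential string come from the thread. It also shows that the fragment stays out of the HTTP request target, and how to strip the credential before a link is shared.

```javascript
// Added illustration, not Belenios code. Host and paths are hypothetical.
// Only the fragment keys "c" (homepage) and "credential" (booth) come from the thread.
const HOME = "https://vote.example.org/elections/ABC/#c=123-456-789-abc-deN"; // constructed sample

// Parse "#k=v&k2=v2" into key/value pairs without touching the query string.
function fragmentParams(url) {
  return new URLSearchParams(new URL(url).hash.replace(/^#/, ""));
}

// What a browser sends to the server for this URL: path and query only.
// The fragment, and so the credential, never appears in the request line.
function requestTarget(url) {
  const u = new URL(url);
  return u.pathname + u.search;
}

// Homepage -> booth hand-off: read "c", re-emit it as "credential" on the booth URL.
// Returns null when no credential is present, so the caller can fall back to manual entry.
function boothUrlFromHomepage(homepageUrl, boothPath) {
  const cred = fragmentParams(homepageUrl).get("c");
  if (!cred) return null;
  const booth = new URL(boothPath, homepageUrl);
  booth.hash = "credential=" + encodeURIComponent(cred);
  return booth.toString();
}

// True when a link is personal, e.g. to warn the voter before it is forwarded.
function carriesCredential(url) {
  const p = fragmentParams(url);
  return p.has("c") || p.has("credential");
}

// Same link with the credential removed, safe to pass on to another voter.
function shareableUrl(url) {
  const u = new URL(url);
  const p = fragmentParams(url);
  p.delete("c");
  p.delete("credential");
  u.hash = p.toString();
  return u.toString();
}
```
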