[Tfug] SQL database question

Jeffry Johnston tfug at kidsquid.com
Tue Mar 18 20:25:41 MST 2008 

How about this:

1) the person before you, votes
2) it prints out TWO entries on the sheet (identical), which are hashes.
3) the person before you takes the first part, the second part waits
on you to vote
4) when you vote, based on the vote, a new hash is created, and two
new hashes are printed.. one for you, one for the next person
4a) in addition, a backup roll is printed (that you don't have access
to, but can see), where you can verify that the ending hash was
printed... matching yours (for the paper trail)
5) you take your sheet (with before and after hashes), leaving the
after hash for the next person
6) you can verify your vote was right by entering the before and after
hashes (the algorithm would be open, so I'd guess there would be
websites everywhere where you could do it)

Advantages:
1) you don't find out who the person before you voted for, but it
forms an unbroken chain (since the starting number was printed
twice).. so your starting hash number cannot have been fabricated
2) provides for independent verification.. but even the sheet you get
doesn't reveal your votes until you check them online
3) paper trail is verified by humans

Jeff


On Tue, Mar 18, 2008 at 8:01 PM, Bexley Hall <bexley401 at yahoo.com> wrote:
> Hi, Glen,
>
>
>
>  --- Glen Pfeiffer <glen at thepfeiffers.net> wrote:
>
>  > On 03/18/2008 06:47 PM, Bexley Hall wrote:
>  > > --- Glen Pfeiffer <glen at thepfeiffers.net> wrote:
>  > >> They can perform an export of the data only with
>  > no
>  > >> Stored  Procedures, Views, User Defined
>  > Functions, Triggers,
>  > >> etc. They  don't even have to include any
>  > constraints in the
>  > >> export  including Primary and Foreign keys.
>  > >
>  > > I wouldn't accept any "black box dump" unless you
>  > know what
>  > > else is "under the hood".  I.e., you need to know
>  > how data was
>  > > committed to the database (was it "colored" by the
>  > procedures
>  > > used to store it??) as well as how the "results"
>  > were
>  > > officially reported vs. how the *dump* was
>  > created.
>  > >
>  > My statement was based on the interpretation that he
>  > wanted the
>  > data, and did not care about the code. Maybe that
>  > was an incorrect
>  > interpretation.
>
>  >From his past discussions, it seemed as if he wants
>  to verify the integrity of the results and/or
>  process.  And, it seems like the vendor is saying
>  "trust me"...  :-/
>
>
>  > But yes, in order to verify the process you would
>  > not want a
>  > black box dump. But if that is the case you need the
>  > code for the
>  > applications interfacing with the database as well.
>
>
>
>
>
>       ____________________________________________________________________________________
>  Never miss a thing.  Make Yahoo your home page.
>  http://www.yahoo.com/r/hs
>
>
>
>  _______________________________________________
>  Tucson Free Unix Group - tfug at tfug.org
>  Subscription Options:
>  http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>

More information about the tfug mailing list