We are building an on-line app for students and student election committees to hold simulations of real-life elections at their schools. This implies the app has to provide for universal, direct, secret, and equal voting, and an intuitive interface for the committees to count and send the election protocol. The app holds the position of an electronic voting machine, to which voters are admitted after being authenticated by the committee.
The expected number of users is approximately 2000 at 5 schools at a time, so over a week, some 10k users should cast their votes.
We are having issues with populating a repeating panel with checkboxes with the correct candidates and collecting the check-box selection; right now the fix is kind of awkward.
We also have no idea how secure the app is or how to estimate load before failure.
Last but not least, we still haven't figured out how to set Global variables.
So if you’re seeing this, please comment or let us know how to improve on the code!
Thanks!
Will be welcoming all suggestions!
As far as the table.search() goes, I have a vague idea how to prevent the error by storing the number of times the code has been used and limiting the search to order=1.
For those who have been following, the app is live at https://studentskevolby.anvil.app/
Inputting a voter code from a list of codes would successfully guide the user through correct candidate lists through a hierarchy of constituencies/voting districts and record the vote in a table.
However, finding out how to split strings and how to count candidates seems out of reach atm.
In other words, the voting machine has also to print results for the given polling station as the other core feature.
Hi @martin.kustek, I cloned your app from the link where you asked about parsing a column and I just wanted to make you aware that you have both the Ballot and Votes tables as editable directly by forms:
This is insecure and will allow any malicious actor to violate the integrity of the vote information and/or modify the ballot information for any potential future users.
Any and all code that changes the actual voted information should be passed through a server function that updates the table information, and that callable function should be properly secured using some kind of user authentication function passed to the @anvil.server.callable() decorator.
I would write a simple security function that checks if the user is logged in or not in the server module.
If you wanted to make it more complicated, your security function could even disallow voting in the election during invalid times (AKA before the start of or after the election is over).
You can pass this function directly to the @anvil.server.callable() decorator.
I have a function prepared for the rooms, where the voting station can be open and closed by the committee, upon providing a pre-shared PIN (in Schools table).
Security hangs on the validation of voter codes. The point of the app is to let all holders of valid voter codes vote, where voter codes are disbursed by a live committee in a physical room. e: from the app's POV, the vote should be always anonymous.
e: I reckon security would be improved by storing selected checkboxes into Global variables instead of the Ballot table, and have a server function collect the Global variables at end of the vote sequence into the Votes table. In this way, Forms objects wouldn’t use write access to tables at all. Please correct me if wrong.
I’ll do it as soon as I resolve the other issue I’m looking at, the counting function from the Committee Form.
There, I need to count individual votes which can each have multiple items (or none).
You're right and that's a good way to look at it.
I have rewritten the code to use global variables and got rid of the Ballot table. All the tables should be read-only from the client - and they’re either public data - constituencies or candidates - or anonymous data - like votes submitted.
I could work on hiding the votes or schools tables from the client entirely as improvements after key features are done.
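
Added example, not part of the thread and not the app's own code: a sketch of the server-side submission path discussed above, where the client only sends a voter code plus its checkbox selection and the server validates the code, the station state and the candidates before writing an anonymous vote. The table layouts, station and code values, and the names `submit_vote`, `count_votes` and `VoteRejected` are assumptions; in-memory dicts stand in for the Data Tables so the logic runs offline.

```python
from collections import Counter

# Constructed sample data standing in for the app's Data Tables.
STATIONS = {"room-1": {"open": True, "candidates": {"A", "B", "C"}},
            "room-2": {"open": False, "candidates": {"D", "E"}}}
VOTER_CODES = {"K7Q2": {"station": "room-1", "used": False},
               "M9X4": {"station": "room-1", "used": False},
               "Z1P8": {"station": "room-2", "used": False}}
VOTES = []  # rows hold station + selection only, never the voter code


class VoteRejected(Exception):
    """Raised when the server refuses a submission."""


def submit_vote(code, selections):
    """Validate everything server-side, then record one anonymous vote.

    Assumption: in Anvil this body would live in a Server Module behind
    @anvil.server.callable, inside a table transaction so that two
    submissions of the same code cannot both pass the "used" check.
    """
    entry = VOTER_CODES.get(code)
    if entry is None or entry["used"]:
        raise VoteRejected("invalid or already used voter code")
    station = STATIONS[entry["station"]]
    if not station["open"]:
        raise VoteRejected("voting station is closed")
    chosen = set(selections)  # an empty selection is a valid blank ballot
    if not chosen <= station["candidates"]:
        raise VoteRejected("selection contains an unknown candidate")
    entry["used"] = True  # burn the code; the vote row does not reference it
    VOTES.append({"station": entry["station"], "selected": sorted(chosen)})
    return len(VOTES)


def count_votes(station_name):
    """Tally per-candidate totals for one station; blank ballots add nothing."""
    tally = Counter()
    for row in VOTES:
        if row["station"] == station_name:
            tally.update(row["selected"])
    return dict(tally)
```

Because the vote row is written without the voter code, the tables can stay read-only (or hidden) on the client and the stored votes cannot be linked back to a code.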