Anonymous ID for voting system

Hey all.

I'm currently working on a digital voting system in Laravel. I'm struggling to keep the user anonymous since the user should be able to view his recent votes and such, but admins and other backend users should not be able to see what the users voted for. But there should definitely be a relation between the two tables. The question is: how?

Is bcrypt() on the FK enough? Will it even work? It's just a little bit too much food for my thought.

1 Answer

Kevin Korte
28,147 Points

Will the users voting be "logged in" to the system, and is it still okay if the database admin could see who voted for what?

Maybe I should clear things up with telling a little more about the project.

The voting system would be used for elections (such as new president of a country). But as you know, no one can ever possibly know who you voted for unless you tell someone.

Workflow:

-> User logs in
-> User selects the election and gets on a page with details (candidates, end date, status, ...)
-> User presses the 'vote' button and gets to the page where he can vote on his favorite candidate.
-> Once the user voted, this is saved in the DB but no one should be able to know what he voted for (not even the admin).
-> The user can only vote once so the DB should save if the user has voted.
-> Let's say the user wants to check if he voted correctly he can make a request to the DB to get the information what he voted for.

As far as I know there should be a way to hash the data. And then unhash it when the user makes the request. I just don't know how to approach this situation. I really want it to work like this because it's a real challenge (for me at least) and a step towards a great functioning application.

*note A user can vote on different elections, so a boolean 'hasVoted' can not work (I think?)

Kevin Korte
28,147 Points

Hey Aurelio,

I've been thinking about this one, but I haven't been able to come up with a way that whoever built and maintains the site and database couldn't figure out who voted for who. Even if you hashed say the id of the candidate that person voted for, whoever built/maintained the site could see the hash, and manually unhash it.

Because you need the website to be able to show the logged in user who they voted for, it ultimately means the person who created/maintains the site can undo anything you do to protect the votes.

The ONLY way I've been able to come up with an idea is to store something on the user side, that the website admin wouldn't have access to, maybe a key in the user's browser local storage, but this obviously creates a whole list of more problems - and I'm not sure I'd recommend that.

I'm sorry, I've thought about using geolocation, IP address, etc, but with every solution, I can think of a way around it as well.

So I'm really not sure. I'm not sure it's possible. Makes me think though that if you mailed in an election ballot, whoever processes the ballots could know who voted for who, so I also wonder how critical this is.

The only thing I can think of is that whoever has access to the database, which may contain random id's and/or hashes of votes, could in no way have access to the code that might have hints as to what the id/hash matches to, and the one who maintained the code couldn't have access to the database - which would be a bit unusual.

Either way, I wish you the best of luck - let me know if you do find a better solution. This is a legit problem you have lol

Hey Kevin, I haven't come up with a better solution yet. Your suggestion is probably the closest I can get. There should be a way to do this tho... but it's probably too advanced and only DB engineers could come up with it perhaps? Anyway I'll give you a vote up for the time and effort to help me out and once I find a better way I'll surely let you know!
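
The two ideas discussed in this thread, side by side, as an added example that is not code from either poster: a hashed FK that anyone with database access can map back to a user by trying every ID, and a ballot row keyed by an HMAC under a secret held only by the voter, with participation tracked in a separate table. The array "tables", function names, user ID 42, election ID 7 and candidate names are all constructed, and the token derivation is assumed to run on the voter's side so the server only ever receives the token.

```php
<?php
// Added example: array "tables", user IDs and candidate names are constructed.

// Unkeyed hash of the FK: the input space is just the list of user IDs.
function hashedFk(int $userId, int $electionId): string {
    return hash('sha256', $userId . ':' . $electionId);
}

// What anyone with database access can do to a hashed FK: try every ID.
function recoverUserId(string $stored, int $electionId, int $maxUserId): ?int {
    for ($id = 1; $id <= $maxUserId; $id++) {
        if (hash_equals($stored, hashedFk($id, $electionId))) {
            return $id;
        }
    }
    return null;
}

// Ballot key derived from a secret that stays with the voter.
// Assumption: this runs on the voter's side and only the token is sent.
function ballotToken(string $voterSecret, int $electionId): string {
    return hash_hmac('sha256', 'election:' . $electionId, $voterSecret);
}

// participation: who has voted in which election (no candidate stored).
// ballots: token => candidate (no user_id stored).
function castVote(array &$participation, array &$ballots, int $userId,
                  int $electionId, string $token, string $candidate): bool {
    if (isset($participation[$electionId][$userId])) {
        return false; // one vote per user per election
    }
    $participation[$electionId][$userId] = true;
    $ballots[$token] = $candidate;
    return true;
}

$participation = [];
$ballots = [];
$secret = random_bytes(32);        // generated and kept on the voter's device
$token = ballotToken($secret, 7);

var_dump(castVote($participation, $ballots, 42, 7, $token, 'Candidate A'));
var_dump(castVote($participation, $ballots, 42, 7, $token, 'Candidate B'));
var_dump($ballots[ballotToken($secret, 7)]);        // voter re-derives the token to read the vote
var_dump(recoverUserId(hashedFk(42, 7), 7, 1000));  // hashed FK maps straight back to the user
```

Rows written in the same request can still be linked through timestamps or insert order, and a voter who loses the secret can no longer look up the vote.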