in reply to Re: Timer for web page display
in thread Timer for web page display

Of course if I wanted to cheat, I'd just disable JavaScript and take my time on the quiz...

I hate to say it, but you might be better off with a Java applet. It'll be harder to f**k with (an enterprising user could play with the system clock...)

UPDATE: mugwumpjism is correct that careful serverside validation should obviate the need for Java usage (good riddance). I don't know what I was thinking. I take comfort that my paranoia survived my muddy thinking. Trust not the client!


TGI says moo

Re: Re: Re: Timer for web page display
by mugwumpjism (Hermit) on Jul 17, 2001 at 04:17 UTC

    Easily avoidable. Record somewhere the time that you issued the quiz to that session. On submission, check that it has been submitted within the allowable timespan.

    Or, encrypt the time that it was sent in a hidden field. When you get the form back, decrypt the time.

    Remember to include somewhere the mention that attempts to circumvent the time limit will void the quiz entry.

    The key here is to use three methods:

    1. Instruct the user to take less than 20 minutes on the test.
    2. Instruct the browser to automatically submit the form after 20 minutes using the JavaScript in the above posts.
    3. Enforce in the CGI script, by securely associating each issue of the quiz with a time, either stored locally or securely encrypted in the form.
    srand 3.14159; print join("", sort{rand 1<0.5}map{$_^"\037"}split m{ }x,"qmptk|z~wOzm??l]pUqx^k?j"),",\n";
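
An added example, not code from any poster in this thread: method 3 with the issue time carried in a hidden field and checked on submission. It uses an HMAC (Digest::SHA) instead of encryption, because the server needs the time to be tamper-evident rather than secret; `$SECRET`, the grace period, the session ids and the function names are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumed values: a server-only key, the 20 minute limit from the post,
# and a small grace period for the auto-submit to arrive.
my $SECRET = 'replace-with-random-server-side-key';
my $LIMIT  = 20 * 60;
my $GRACE  = 30;

# Build the hidden-field value when the quiz is issued to a session.
sub issue_token {
    my ($session_id, $issued_at) = @_;
    my $mac = hmac_sha256_hex("$session_id|$issued_at", $SECRET);
    return "$issued_at:$mac";
}

# Compare two strings without stopping at the first differing character.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Validate the hidden field on submission; returns a reason string.
sub check_token {
    my ($session_id, $token, $now) = @_;
    my ($issued_at, $mac) = ($token // '') =~ /\A(\d{1,12}):([0-9a-f]{64})\z/
        or return 'malformed';
    ct_eq($mac, hmac_sha256_hex("$session_id|$issued_at", $SECRET))
        or return 'forged';
    return 'future'  if $issued_at > $now;
    return 'expired' if $now - $issued_at > $LIMIT + $GRACE;
    return 'ok';
}

# Constructed demonstration values, not taken from the thread.
my $t0    = 995343420;
my $token = issue_token('sess-42', $t0);
(my $edited = $token) =~ s/\A\d+/$t0 + 3600/e;   # hidden field altered client-side
print "on time:       ", check_token('sess-42', $token,  $t0 + 900),  "\n";
print "too late:      ", check_token('sess-42', $token,  $t0 + 1900), "\n";
print "edited field:  ", check_token('sess-42', $edited, $t0 + 1900), "\n";
print "other session: ", check_token('sess-43', $token,  $t0 + 900),  "\n";
```

Because a re-issued form carries a newer timestamp, the first option in the reply still matters: record the first issue time per session on the server and compare submissions against that record.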