|
|
|
|
Joined: May 2002
Posts: 362
Junior Member
|
|
Junior Member
Joined: May 2002
Posts: 362 |
I'm currently trying to do a research project through my college - it's a program evaluation of my online community.
I was able to sift through Josh's "Contact Us" mod to create a survey that collects users' responses and then emails it to me.
The problem is this:
I'm not allowed to collect identifying information - IPs, user numbers, etc.
But, I need to figure out a way to set a cookie or something so that users can't take the survey again. I thought about creating a flag in the database, but then I could still track what users have completed the survey and the ethics committee at school won't like that.
I can't have any clue about who participated.
Sooooo, anyone have any thoughts? I understand that if I did it with a cookie people could just delete it, and retake it, but it seems like the only way for me to do it without having extra information, which could identify the participants.
I'm open to any suggestions or ideas.
-peter
|
|
|
|
|
Joined: Nov 2001
Posts: 10,369
I type Like navaho
|
|
I type Like navaho
Joined: Nov 2001
Posts: 10,369 |
You could create a table to record who took the survey, but make it anonymous like this. Create an MD5 hash (one way encryption) on thier login name (which never chnages). When they enter the survey form, check if that hash already exists in the db. If it does, stop them. If it doesn't, then write it to the table and let them take the survey. That way - assuming you're requiring them to be logged in, they can only do one survey per user. 
|
|
|
|
|
Joined: May 2002
Posts: 362
Junior Member
|
|
Junior Member
Joined: May 2002
Posts: 362 |
I'm not requiring them to be logged in though.... Couldn't I look in the database and see if there is a hash there - which would mean they took the survey, no hash means they didn't? I'm not saying I would. But, the ethics committee would say that if I have access, someone else could gain access and potentially compromise the data.
See, I'm not even allowed to know that kind of information.
[This is all built on the fact that I'm saying it's a completely anonymous survey.]
|
|
|
|
|
Joined: Nov 2001
Posts: 10,369
I type Like navaho
|
|
I type Like navaho
Joined: Nov 2001
Posts: 10,369 |
Yeah, it wouldn't work for anonymous users.
What I was suggesting was a separate table, which would only contain hashes of people who took the test. There'd be no other info there - and MD5 is a one way encryption. So you won't have anyway to know.
I guess for anonymous users you could encrypt thier IP address and use that instead. But either IP address or cookie aren't fool proof. Like you said, peopel could delete the cookies (or change their IP). So either way would work just as well.
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
|
Posts: 417
Joined: November 2001
|
|
|
Forums63
Topics37,575
Posts293,930
Members13,823
| |
Most Online6,139
Sep 21st, 2024
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|
|
|
