DISCLAIMER: This post neither condones nor promotes the intentional misuse/abuse of web forms. It merely illustrates how easy it can be to defeat form security when web developers don't exercise proper due diligence.
BACKGROUND: The great State of Georgia saw fit to create a Voter Cancellation Portal on their State's official website. It was intended to help those registered in Georgia update their voter status if, for example, they moved out of state and are no longer eligible to vote in Georgia. It would also allow family members to remove a deceased relative from the voter rolls.
HOW IT WORKS: Users with sufficient information can go online to remove their own or someone else’s name from the State's database of registered voters. It requires no special log-in ID or password, just a few clicks on the State's website form. Easy, peasy.
PROBLEM: Shortly after its launch, the Voter Cancellation Portal was abused multiple times -- much to the embarrassment of elected lawmakers who were victims of the abuse.
Watch the short video below to see how easy it was to cancel someone's name without their knowledge using only minimal information that's freely available from public records.
This is just one example of why ALL web forms must contain both front-end and back-end security measures.
If you're not experienced with forms and form security, hire an expert to help you. Or use a third-party service.
Hope you enjoyed this and please feel free to pass it along.
PUBLIC SERVICE ANNOUNCEMENT: It is estimated that more than 700,000 registered voters in the United States may have been removed from voter rolls without their knowledge. Go to http://Vote.Org to check your Voter Registration Status (https://vote.org/am-i-registered-to-vote/). It takes about 30 seconds.