Posts by post

1) Message boards : Web interfaces : Passwords & Security (Message 2119) Posted 20 Dec 2005 by post Post: Well, the person at CPDN may not be aware of every project out there, or be watching the code stream for BOINC. But a Japanese BOINC project had some requirement for using HTTPS, and was having to create their own version of the BOINC client to do that, then redo the changes with each new BOINC release. So the support for HTTPS was added to the standard client in V5. I'm gald that the newest version supports https. It would still be nice if it required https. EDIT:: Off-topic stupid question, from backtracking your CPDN thread reference... how on earth do you have SIX CPDN Sulphur WUs on one PC??? I certainly hope 4 of those are "ghosts"... Where do you see that I have SIX CPDN Sulphur WUs on one PC?
2) Message boards : Web interfaces : Account Not Found (Message 2118) Posted 20 Dec 2005 by post Post: [quote]No, but how about using the Cross-project ID ? Okay, I'm totally lost by what you're asking. Why not use the Cross-project ID to login? Is that plain enough? Do you want this sent just to the BOINC website such that you have to go find this large random number to be able to signin here, ] This large random number is easily accessed by going to the bottom of the page of your account info. rather than having to take a couple of minutes to create an account using your email address and password? You still have not addressed the security concerns of sending passwords as clear text... Should the CPID be sent to _every_ project, every time it's changed, so that you will already have an account everywhere, in case you want to sign up there someday? No, I was not explicitly or implicitly making that suggestion. You seem to have great difficulty understanding what I am saying. Is English a second language? If so, I can try to compose my concerns in another language.
3) Message boards : Web interfaces : Passwords & Security (Message 2115) Posted 20 Dec 2005 by post Post: HTTPS has been added to BOINC Manager recently, and a couple of projects support it for various things. More will probably do so later. First - It's more than the BOINC Manager; any projects website does not support https. Perhaps I was misinformed, but I was told that it isn't up to the projects, it is a BOINC issue. But I have to ask - who cares? Second - uh, I do. (thought that was obvious). It is just good practice for passwords to be sent encrypted. What can someone do who gets your project password? Change your preferences, I suppose, or change your password (which you could easily recover with 'lost my password'), or possibly even "hijack" your account, which could be corrected by notifying the project that someone had done so. Basically cause you some trouble, but that's about it. They can't use that password to access anything on your computer, it's a one-way "to the server" path. Third - Using this reasoning why have passwords for this at all? Why not just use your e-mail address? What can someone do who gets your e-mail address? Change your preferences, I suppose, or change your e-mail address / "hijack" your account, which could be corrected by notifying the project that someone had done so. Basically cause you some trouble, but that's about it. Fourth - Though it is not a good idea many people use a password for multiple accounts (accessing e-mail, logging on to their computer, accessing bank accounts, etc.).
4) Message boards : Web interfaces : Account Not Found (Message 2114) Posted 20 Dec 2005 by post Post: How? Do you want every project to send each other everybody's email address and passwords? Not very secure... No, but how about using the Cross-project ID ? Under account info, at the bottom of the page, Cross-project ID is listed. The Cross-project ID "is a unique identifier across multiple projects. Accounts with the same email address on different projects will have the same cross-project identifier (as long as at least one computer is attached to both accounts)." So could be used as login info for the BOINC website. Not very secure... Neither is the sending of passwords without encryption, but this appears to be the standard for BOINC across projects.
5) Message boards : Web interfaces : Account Not Found (Message 2111) Posted 20 Dec 2005 by post Post: I tried to login to this Forum using my Boinc/Seti Account Key but was told: We have no account with the key... I tried to login to this Forum using my Boinc/Seti e-mail & password but was told that: No account found with email address... I can understand not being able to use my Boinc/Seti Account Key since there may be duplicate account keys generated across projects, but my e-mail and password should be unique. I don't understand why I was required to create another account to post to this website. Why not use my email address and password created when setting up a Boinc project?
6) Message boards : Web interfaces : Passwords & Security (Message 2110) Posted 20 Dec 2005 by post Post: I would really appreciate it if you provide the option (if not actually force) a secure connection for the entering/transmitting of passwords.

Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.