Info | Message |
---|---|
1) Message boards : Web interfaces : Passwords & Security
Message 2119 Posted 20 Dec 2005 by post |
I'm gald that the newest version supports https. It would still be nice if it required https.
Where do you see that I have SIX CPDN Sulphur WUs on one PC? |
2) Message boards : Web interfaces : Account Not Found
Message 2118 Posted 20 Dec 2005 by post |
[quote]No, but how about using the Cross-project ID ? Okay, I'm totally lost by what you're asking. Why not use the Cross-project ID to login? Is that plain enough? Do you want this sent just to the BOINC website such that you have to go find this large random number to be able to signin here, ] This large random number is easily accessed by going to the bottom of the page of your account info. rather than having to take a couple of minutes to create an account using your email address and password? You still have not addressed the security concerns of sending passwords as clear text... Should the CPID be sent to _every_ project, every time it's changed, so that you will already have an account everywhere, in case you want to sign up there someday? No, I was not explicitly or implicitly making that suggestion. You seem to have great difficulty understanding what I am saying. Is English a second language? If so, I can try to compose my concerns in another language. |
3) Message boards : Web interfaces : Passwords & Security
Message 2115 Posted 20 Dec 2005 by post |
HTTPS has been added to BOINC Manager recently, and a couple of projects support it for various things. More will probably do so later. First - It's more than the BOINC Manager; any projects website does not support https. Perhaps I was misinformed, but I was told that it isn't up to the projects, it is a BOINC issue. But I have to ask - who cares? Second - uh, I do. (thought that was obvious). It is just good practice for passwords to be sent encrypted. What can someone do who gets your project password? Change your preferences, I suppose, or change your password (which you could easily recover with 'lost my password'), or possibly even "hijack" your account, which could be corrected by notifying the project that someone had done so. Basically cause you some trouble, but that's about it. They can't use that password to access anything on your computer, it's a one-way "to the server" path. Third - Using this reasoning why have passwords for this at all? Why not just use your e-mail address? What can someone do who gets your e-mail address? Change your preferences, I suppose, or change your e-mail address / "hijack" your account, which could be corrected by notifying the project that someone had done so. Basically cause you some trouble, but that's about it. Fourth - Though it is not a good idea many people use a password for multiple accounts (accessing e-mail, logging on to their computer, accessing bank accounts, etc.). |
4) Message boards : Web interfaces : Account Not Found
Message 2114 Posted 20 Dec 2005 by post |
How? Do you want every project to send each other everybody's email address and passwords? Not very secure... No, but how about using the Cross-project ID ? Under account info, at the bottom of the page, Cross-project ID is listed. The Cross-project ID "is a unique identifier across multiple projects. Accounts with the same email address on different projects will have the same cross-project identifier (as long as at least one computer is attached to both accounts)." So could be used as login info for the BOINC website. Not very secure... Neither is the sending of passwords without encryption, but this appears to be the standard for BOINC across projects. |
5) Message boards : Web interfaces : Account Not Found
Message 2111 Posted 20 Dec 2005 by post |
I tried to login to this Forum using my Boinc/Seti Account Key but was told: We have no account with the key... I tried to login to this Forum using my Boinc/Seti e-mail & password but was told that: No account found with email address... I can understand not being able to use my Boinc/Seti Account Key since there may be duplicate account keys generated across projects, but my e-mail and password should be unique. I don't understand why I was required to create another account to post to this website. Why not use my email address and password created when setting up a Boinc project? |
6) Message boards : Web interfaces : Passwords & Security
Message 2110 Posted 20 Dec 2005 by post |
I would really appreciate it if you provide the option (if not actually force) a secure connection for the entering/transmitting of passwords. |
Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License,
Version 1.2 or any later version published by the Free Software Foundation.