| 1 | = Project security = |
| 2 | |
| 3 | Before creating a BOINC project, read about [http://boinc.berkeley.edu/security.php security issues in volunteer computing]. BOINC provides mechanisms that address the major issues, making volunteer computing safe both for you and for participants. '''If you don't use these mechanisms correctly, |
| 4 | your project will be vulnerable to a variety of attacks. |
| 5 | In the worst case, your project could be used as a vector |
| 6 | to distribute malicious software to large numbers of computers. |
| 7 | This would be fatal to your project, |
| 8 | and would cause serious damage to volunteer computing in general. |
| 9 | ''' |
| 10 | |
| 11 | We recommend that you do the following: |
| 12 | |
| 13 | |
| 14 | * Secure each of your server computers as much as possible. Read and implement the [http://www.cert.org/tech_tips/usc20_full.html UNIX Security Checklist 2.0] from AusCERT and CERT/CC. |
| 15 | * Put all server computers behind a firewall that lets through minimal traffic (e.g., HTTP and SSH where needed). |
| 16 | * Read about [http://dev.mysql.com/doc/refman/5.0/en/security-guidelines.html MySQL general security guidelines], and make your MySQL server as secure as possible. |
| 17 | * Make sure your application doesn't become infected. Secure your source-code repository, and examine all checkins. If your application uses third-party libraries, make sure they're safe. Read about [http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html Secure Programming for Linux and Unix], especially if your application does network communication. |
| 18 | * Use BOINC's [http://boinc.berkeley.edu/code_signing.php code-signing mechanism], and use a disconnected and physically secure code-signing computer. |
| 19 | |