Hi,

(Note that I'm not affiliated with the BOINC project at all.)

On Sun, Apr 28, 2013 at 11:54:02AM +0200, Peter Schlaile wrote:
> to anyone knowing the htaccess passwords...

I would personally highly recommend you add IP filtering and/or other extra checks on top of htaccess in any case.

> Never mind that not caring about input parameter validation is clearly
> *bad* design in the first place.

Right, I'm certainly not defending that code, and I expect it will get promptly fixed. I just mean that I think the idea is that you should be very paranoid about who gets access to it in any case.

I imagine further security reviewing of the BOINC code would be welcome. I spent some time reviewing the non-ops code, for example the scheduler:

http://thread.gmane.org/gmane.comp.distributed.boinc.user/3776
http://thread.gmane.org/gmane.comp.distributed.boinc.user/3741

And someone else found input parameter issues in the non-ops PHP code:

http://thread.gmane.org/gmane.comp.distributed.boinc.user/3658

So there might well be other things to worry about too..

- Alyssa

_______________________________________________
boinc_dev mailing list
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
