My project (which is currently in production and has a growing user base, https://www.grcpool.com ) involves rewarding researchers with Gridcoin cryptocurrency, which gives the researchers an ability to recover some of their researching costs. This is much different than the current account managers of course.

Regardless, I am still curious about my concern, even for the existing account managers, that researchers' password keys are freely passed to account managers. Future account managers that are not as trustworthy could be a potential problem?

On 3/17/17 7:35 AM, McLeod, John wrote:
A BOINC account manager is specifically for cross site account management.  
There are 2 of them so far, BOINC Stats BAM and Grid Republic.  Why do you 
believe you need to implement this code?

JM7
-----Original Message-----
From: boinc_dev [mailto:[email protected]] On Behalf Of Brian
Sent: Thursday, March 16, 2017 1:07 PM
To: [email protected]
Subject: [boinc_dev] BOINC Account Manager & Password Keys

Hi,

I am working on a research pool for Gridcoin. Part of this development
involves an account management piece to the site. During the development
of the account manager, I noticed when BOINC client makes an account
manager request to my server, it passes all projects that are attached
to it into the account manager regardless of what attached it. This data
includes the password keys to the projects which are not currently
attached to my account manager. It appears I could take these account
keys to gain access to individuals' accounts for those projects.

Just mostly an observation, not sure if this has been discussed or not...

Thanks for your time,

Brian Burkhardt...

_______________________________________________
boinc_dev mailing list
[email protected]
https://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and
(near bottom of page) enter your email address.
