Good point!
I changed the client so that it reports the account key only for
projects attached using the account manager.
-- David

On 3/16/2017 10:06 AM, Brian wrote:
Hi,

I am working on a research pool for Gridcoin. Part of this development involves an account management piece to the site. During the development of the account manager, I noticed when the BOINC client makes an account manager request to my server, it passes all projects that are attached to it into the account manager regardless of what attached it. This data includes the password keys to the projects which are not currently attached to my account manager. It appears I could take these account keys to gain access to individuals' accounts for those projects.

Just mostly an observation, not sure if this has been discussed or not...

Thanks for your time,

Brian Burkhardt...

_______________________________________________
boinc_dev mailing list
[email protected]
https://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and
(near bottom of page) enter your email address.
