| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Support
Forum: Suggestions / Feedback
Thread: Team Memorial Account -- requires BOINC server upgrade |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 9
|
|
| Author |
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
One of the things our team (Team Starfire World BOINC) used to do in the "classic" days was have an extra account set up as a memorial to deceased members.
For 30 days or so, anyone who wished to would crunch for the memorial account instead of their personal account. In the classic days this was simple; crunching for an account only required the email address of the account, not the password. To attach a project with a particular account in BOINC, both the email and password are required, leaving the account vulnerable to hijacking by any low-life. According to this: Weak account key if a project's BOINC servers are the 7 DEC 2007 version or later, accounts have both an account key that can be used to log in for full access, and a weak-key that may be used only as an authenticator in the project's xml file. We of TSWB would like to see WCG upgrade as soon as possible, as one of our members recently lost a young brother to cancer, and we would dearly love to crunch in memoriam for Help Conquer Cancer. However, without the server upgrade, we cannot accomplish this while maintaining account security. Thanks in advance! |
||
|
|
Sekerob
Ace Cruncher Joined: Jul 24, 2005 Post Count: 20043 Status: Offline |
Think if you use the BOINCcmd tool with the proper Account ID you can attach without the actual password. The experts may confirm if this is a workaround.
----------------------------------------The Wiki explains: http://boinc.berkeley.edu/trac/wiki/BoincCmd --project_attach URL account_key Attach to an account Added: highlight/bolded the key word! As Didactylos explains below it gives no access to the actual member My grid page, but allows contributing.
WCG
----------------------------------------Please help to make the Forums an enjoyable experience for All! [Edit 1 times, last edit by Sekerob at Feb 6, 2008 10:16:59 PM] |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
There are two sides to this:
Firstly, WCG has never allowed using the account key for logging on. So, you can share the account key without problems (I think). The second thing is that the weak account key isn't stable yet. The format has changed once already, and may change again. WCG are probably going to hold off until it is stable. Is this solution not going to work for you? World Community Grid don't use all of the standard parts of BOINC, so they look at each feature individually. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Think if you use the BOINCcmd tool with the proper Account ID you can attach without the actual password. The experts may confirm if this is a workaround. The Wiki explains: http://boinc.berkeley.edu/trac/wiki/BoincCmd --project_attach URL account_key Attach to an account Nope. The problem here is the same; going to the account page for the project, with that full account_key, allows that user to change anything--name, password, team, whatever. We could already just supply the full account_www.worldcommunitygrid.org.xml file to get folks attached, but with the same vulnerability. Thanks! |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
World Community Grid don't allow that, as I said in my post. Try it - there is no way to log into the website without your username and password.
This is why we don't need the weak auth - World Community Grid is already secure. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
World Community Grid don't allow that, as I said in my post. Try it - there is no way to log into the website without your username and password. This is why we don't need the weak auth - World Community Grid is already secure. We have! This is acceptable! Thank you, and we're glad it didn't cause you additional work! |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
I'll ask the techs about replacing the account key with a weak account key, since at World Community Grid they are interchangeable, and it will be clearer for people like you comparing WCG with other BOINC projects.
|
||
|
|
knreed
Former World Community Grid Tech Joined: Nov 8, 2004 Post Count: 4504 Status: Offline Project Badges: 
|
Actually we just need to get our server updated to support this. We are going to soon. It will be good because we have some enhancements to give back to BOINC.
At some point in the future we will add support for the AMS update functions (nobody get excited - this will only occur awhile after we shut down UD). The interface between us and the AMS use the authenticator for communications. So while sharing the authenticator freely is fine for now that may change in 9-12 months. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Actually we just need to get our server updated to support this. We are going to soon. It will be good because we have some enhancements to give back to BOINC. At some point in the future we will add support for the AMS update functions (nobody get excited - this will only occur awhile after we shut down UD). The interface between us and the AMS use the authenticator for communications. So while sharing the authenticator freely is fine for now that may change in 9-12 months. I think that means we'll have to wait to pursue this idea. We'd rather not have that account key out in the wild. |
||
|
|
|