david.hoyt@tyoh.org
BAM!ID: 174767
Joined: 2014-11-18
Posts: 2
Credits: 18,958
World-rank: 1,315,314

2014-11-22 15:03:28

I know this one has been beaten to death. But BoincStats really needs to be much more functional when it comes to attaching to other projects. Rather than just searching for the same userid and password, it also needs to be able to specify other userids and passwords.

World Community Grid is the worst that I've seen so far. I'm assuming it's an IBM problem as many IBM systems have draconian password restrictions. For example, no special characters (e.g. punctuation marks) are allowed. So if I want to create strong passwords for all of the other services, I need to minimize the strength of my BoincStats password. Which also continues onto every other project. Userids and passwords should also be possible using UTF. There's no need to force the world to use ANSI userids and passwords.

But it's not just WCG. People have been using BOINC projects for years w/o using BoincStats. Typically, those userids and passwords will be different from BoincStats. The current implementation is just too limited.

BoincStats doesn't even need to add the functionality. The Boinc Manager allows projects to be added in addition to using BoincStatsBam! When the project manager synchronizes with BoincStats, the projects that are defined w/o the manager could simply be added to the list of projects. You might not get all of the same information from the project, but that's better than not even having it listed.

And of course, there is the security problem. Having one username and password on multiple systems is a very bad idea. Having everything the same is a large security nightmare. It also implies that you store the userid and password in cleartext or some ciphertext format. Ciphertext really isn't any more safe than cleartext, because the system, userid and passwords will be simple to decode once someone hacks into your system. You may or may not notice the hack, so may not even be able to tell the users that their userids and passwords have been revealed to the world.

This is computer architecture 101. As many Fortune 500 companies have noticed in the past few years, it's just plain stupid. There is a class of security patterns out there. In a site like this, you'd probably want to use the stripped down pattern.* It would be safest to implement a simple coordination issue between BoincStats and BoincManager.

* [The standard pattern is generic and can be used to achieve most any level of security. But the pattern can be implemented with simple constraints to provide a lower level w/o too much work.]

I'm done being a sadistic necrophiliac and I'll stop beating this dead horse.

David
noderaser
 
BAM!ID: 13859
Joined: 2006-12-03
Posts: 835
Credits: 254,540,673
World-rank: 5,626

2014-11-23 01:36:02

david.hoyt@tyoh.org wrote:
BoincStats doesn't even need to add the functionality. The Boinc Manager allows projects to be added in addition to using BoincStatsBam! When the project manager synchronizes with BoincStats, the projects that are defined w/o the manager could simply be added to the list of projects. You might not get all of the same information from the project, but that's better than not even having it listed.

The stats are completely separate from the account manager, which is the only function requiring the use of the same account details (username, email, password) to function properly. The stats are based on CPID and exports from the projects.