diff --git a/checkin_notes b/checkin_notes
index 784a62b379..f6efc9dd72 100644
--- a/checkin_notes
+++ b/checkin_notes
@@ -6368,3 +6368,13 @@ Rom    8 Aug 2008
     /
         configure.ac
         version.h
+
+David  9 Aug 2008
+    - client: don't use fixed-size buffer when looking for app files
+        in project prefs (avoid buffer overrun)
+    - web: don't show credit info if no_computing flag set
+
+    client/
+        cs_prefs.C
+    html/inc/
+        forum.inc
diff --git a/client/cs_prefs.C b/client/cs_prefs.C
index fecf5eec33..758498f712 100644
--- a/client/cs_prefs.C
+++ b/client/cs_prefs.C
@@ -294,18 +294,19 @@ int PROJECT::parse_preferences_for_user_files() {
     string timestamp, open_name, url, filename;
     FILE_INFO* fip;
     FILE_REF fr;
-    char prefs_buf[MAX_PROJ_PREFS_LEN];
-    strcpy(prefs_buf, project_specific_prefs.c_str());
-    p = prefs_buf;
 
     user_files.clear();
+    size_t n=0, start, end;
     while (1) {
-        q = strstr(p, "<app_file>");
-        if (!q) break;
-        q2 = strstr(q, "</app_file>");
-        if (!q2) break;
-        *q2 = 0;
-        strcpy(buf, q);
+        start = project_specific_prefs.find("<app_file>", n);
+        if (start == string::npos) break;
+        end = project_specific_prefs.find("</app_file>", n);
+        if (end == string::npos) break;
+        start += strlen("<app_file>");
+        string x = project_specific_prefs.substr(start, end);
+        n = end + strlen("</app_file>");
+
+        strlcpy(buf, x.c_str(), sizeof(buf));
         if (!parse_str(buf, "<timestamp>", timestamp)) break;
         if (!parse_str(buf, "<open_name>", open_name)) break;
         if (!parse_str(buf, "<url>", url)) break;
@@ -324,10 +325,7 @@ int PROJECT::parse_preferences_for_user_files() {
         fr.file_info = fip;
         strcpy(fr.open_name, open_name.c_str());
         user_files.push_back(fr);
-
-        p = q2+strlen("</app_file>");
     }
-
     return 0;
 }
 
diff --git a/html/inc/forum.inc b/html/inc/forum.inc
index df91d66f1f..edaf68e0dc 100644
--- a/html/inc/forum.inc
+++ b/html/inc/forum.inc
@@ -495,8 +495,10 @@ function show_post(
     }
 
     echo "
-        <tr class=\"row".$n."\" valign=\"top\">
-        <td rowspan=\"3\"><a name=\"".$post->id."\"></a><div class=\"authorcol\">
+        <tr class=\"row$n\">
+        <td rowspan=\"3\">
+        <a name=\"$post->id\"></a>
+        <div class=\"authorcol\">
     ";
 
     echo user_links($user);
@@ -530,16 +532,18 @@ function show_post(
         $user->nposts = BoincPost::count("user=$user->id");
     }
     
-    if(function_exists('project_forum_user_info')){
+    if (function_exists('project_forum_user_info')){
         project_forum_user_info($user);
-    } else { // default
+    } else {
         // circumvent various forms of identity spoofing
         // by displaying the  user id of the poster.
         //
         echo "Posts: $user->nposts<br>";
         echo "ID: ".$user->id."<br>";
-        echo "Credit: ".number_format($user->total_credit)."<br>";
-        echo "RAC: ".number_format($user->expavg_credit)."<br>";
+        if (!no_computing()) {
+            echo "Credit: ".number_format($user->total_credit)."<br>";
+            echo "RAC: ".number_format($user->expavg_credit)."<br>";
+        }
     }
     echo "</span></div></td>";
 
@@ -580,8 +584,12 @@ function show_post(
         }
         echo "<br>This post has been filtered (rating: ".($post->rating()).")$andtext, press <a href=\"?id=".$thread->id."&amp;filter=false#".$post->id."\">here</a> to view this thread without filtering";
     }
-    echo "</td></tr></form>";
-    echo "<tr class=\"row$n\"><td class=\"postbody\">";
+    echo "</td>
+        </tr>
+        </form>
+        <tr class=\"row$n\">
+        <td class=\"postbody\">
+    ";
 
     if (!$filter || !$rated_below_threshold){
         $posttext = $post->content;