Commit Graph

3 Commits

Author SHA1 Message Date
David Anderson 8490214d48 - server/web: the weak auth scheme had a major flaw:
It didn't work on a host's first scheduler RPC
    (when it passes an auth but no host ID).
    How do we look up user in this case?
    The weak auth is not stored explicitly in the DB.
    Solution: include the user ID in the weak auth.
    (this invalidates existing weak auths)

svn path=/trunk/boinc/; revision=14546
2008-01-14 16:32:34 +00:00
David Anderson 4e9fa4f0c6 - tweaked weak-auth page (from Nicolas Alvarez)
svn path=/trunk/boinc/; revision=14372
2007-12-09 04:13:24 +00:00
David Anderson 3f41f9a88d - Add weak account key mechanism.
Each account has an associated weak account key.
    The user can see it by visiting weak_auth.php.
    If you put the weak account key in the account file on a computer
    (instead of the regular account key)
    the computer will attach to the account.
    But the weak account key cannot be used to log in
    to the account on the web, or to do web RPCs, or anything else.

    Note: this involves a scheduler change.

svn path=/trunk/boinc/; revision=14367
2007-12-07 23:23:25 +00:00