mirror of https://github.com/BOINC/boinc.git
c4f4421ff0
The web RPCs done by the client during project attach (lookup_account, create_account) have an email address and password hash in their request. Network sniffers could potentially see these, so we should use HTTPS for these RPCs if possible. However, not all BOINC projects have SSL-enabled web servers. So I did the following: - Change get_project_config.php to return an additional <web_rpc_url_base> element. This is SECURE_URL_BASE (if specified in the project's project.inc config file) or, if not, the master URL. - This new element is parsed into the PROJECT_CONFIG structure. - In calls to create_account and lookup_account, the Manager uses PROJECT_CONFIG::web_rpc_url_base if it's available, else the master URL. So, the new Manager/client uses HTTPS for RPCs to projects that have updated their get_project_config.php, and specify a SECURE_URL_BASE with https:// prefix. Android note: I added code to parse the new config element, but didn't change the higher-level code; Joachim will need to do this. |
||
|---|---|---|
| .. | ||
| bt | ||
| drupal | ||
| inc | ||
| languages/translations | ||
| ops | ||
| project.sample | ||
| queue | ||
| user | ||
| Makefile.am | ||