You are viewing a single comment's thread from:
RE: Project Rain - Update regarding development!
I've raised several BOINC web server security concerns:
http://lists.ssl.berkeley.edu/pipermail/boinc_dev/2016-September/thread.html
http://lists.ssl.berkeley.edu/mailman/private/boinc_projects/2016-September/011834.html
TL;DR: I need to add authentication key reset functionality, need to significantly improve the password hashing process (currently md5, salted with email - abysmal!) and I need to provide email verification before providing access to the user's account.
I'll be adding secure chat client fields too, but they will not be exportable to prevent bot abuse: pgp, retroshare, tox, echo, ring and wickr).