Hi,

I'm all for the security improvements, but it seems redundant to provide 2 different mechanisms to secure communications between boinc clients?

Could it be considered to use a single mechanism?

Thanks for consideration

Hi,

I'm all for the security improvements, but it seems redundant to provide 2 different mechanisms to secure communications between boinc clients?

Could it be considered to use a single mechanism?

Thanks for consideration

For the higgorant amongst us could you list the two mechanisms? I only know of one :-)

Sorry,

You have the

gui_rpc_auth.cfg which is enforced now.

remote_hosts.cfg which is white list of host, this is sort of redundant now as you need the key from gui_rpc_auth to make a connection, so kind of white list on client vs server.

Sorry,

You have the

gui_rpc_auth.cfg which is enforced now.

remote_hosts.cfg which is white list of host, this is sort of redundant now as you need the key from gui_rpc_auth to make a connection, so kind of white list on client vs server.

Sorry, I see this as a single mechanism - these are the hosts that can access the system and this is the password that they have to quote. Without the host file anyone with a key logger or anyone monitoring the network link can get the password and access the system.

OK, thanks I take this as a will not implement.

OK, thanks I take this as a will not implement.

We're not the developers. If that was a feature request, you have to ask at https://github.com/BOINC/boinc/issues, that's where the developers reside these days.

---