Hi again,
In response to the loss of password hashes for some of our accounts I made up a random password, and hashed it with the email address and added it to the database (just like the BOINC functions do) for the affected users. However, I am told that even when this was done, when the project was brought back online after a week of downtime, our moderators (who were in the subset of affected accounts) were able to access their account details page without entering a password (they did not know the new password, and I expected them to have to go through the password recovery option, which they tell me they did not do). So something in BOINC allows users to stay logged in for days at a time, even if the server goes down. Is this something that should be looked at too? Jonathan Miller System Administrator Climate Prediction dot Net, University of Oxford Tel: 01865 610680 _______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
