Changes between Version 1 and Version 2 of AccountControl


Ignore:
Timestamp:
Apr 25, 2007, 10:46:12 AM (17 years ago)
Author:
Nicolas
Comment:

Required manual changes to automatic conversion.

Legend:

Unmodified
Added
Removed
Modified

  • AccountControl

    v1 v2  
    11= Controlling account creation =
    22
    3       Under normal circumstances BOINC projects are open for participation by anybody who wants to contribute their computer to the project. There may be times, however, when a project needs to limit the creation of new accounts. BOINC offers two alternatives.
     3Under normal circumstances BOINC projects are open for participation by anybody who wants to contribute their computer to the project. There may be times, however, when a project needs to limit the creation of new accounts. BOINC offers two alternatives.
     4
    45== Disabling account creation ==
    5   To disable all account creation, edit the project configuration file config.xml and add to it the element:
     6
     7To disable all account creation, edit the project configuration file config.xml and add to it the element:
    68{{{
    79<disable_account_creation>1</disable_account_creation>
    810}}}
    9  This disables account creation via any mechanism (the client, the web, or account managers). You can momentarily remove this element while you create accounts.
     11
     12This disables account creation via any mechanism (the client, the web, or account managers). You can momentarily remove this element while you create accounts.
     13
    1014== Restricting account creation via 'invitation codes' ==
    11  It is also possible to restrict account creation to only those who present a secret 'invitation code'. In this case an account can only be created via the web pages, not via the client or an account manager.
    1215
    13 To use this mechanism you need to add to the file html/project/project.inc a definition for a PHP pre-processor symbol INVITE_CODES containing the allowed invitation codes. A simple example is:
     16It is also possible to restrict account creation to only those who present a secret 'invitation code'. In this case an account can only be created via the web pages, not via the client or an account manager.
    1417
     18To use this mechanism you need to add to the file `html/project/project.inc` a definition for a PHP pre-processor symbol INVITE_CODES containing the allowed invitation codes. A simple example is:
    1519
    1620{{{
    1721define('INVITE_CODES', '/xyzzy/');
    1822}}}
    19  This allows account creation only if the user enters the invitation code 'xyzzy' (without any quotes). The pattern in INVITE_CODES is compared to the user's input as a [http://us2.php.net/manual/en/reference.pcre.pattern.syntax.php Perl-Compatible Regular Expression (PCRE)], so don't forget the enclosing slashes. A more complicated example is:
     23
     24This allows account creation only if the user enters the invitation code 'xyzzy' (without any quotes). The pattern in INVITE_CODES is compared to the user's input as a [http://us2.php.net/manual/en/reference.pcre.pattern.syntax.php Perl-Compatible Regular Expression (PCRE)], so don't forget the enclosing slashes. A more complicated example is:
     25
    2026{{{
    2127define('INVITE_CODES', '/yohoho|blunderbuss|!grog4U/');
    2228}}}
    23  In a PCRE vertical bars separate alternatives, so this pattern just allows someone to create an account if they enter any of the words 'yohoho', 'blunderbuss', or '!grog4U'. More complex pattern matching is possible, though not required.  The security of this mechanism depends on how you distribute the invitation codes. If you write the code on the whiteboard in your lab then only someone with access to that room can use it. If you send it out to a mailing list then only members of that list can use it (until someone shares it with someone else who is not on the list). The goal here is not strict security so much as a way for a new project to limit account creation to a restricted set of users while the project is getting started.
    2429
     30In a PCRE vertical bars separate alternatives, so this pattern just allows someone to create an account if they enter any of the words 'yohoho', 'blunderbuss', or '!grog4U'. More complex pattern matching is possible, though not required.  The security of this mechanism depends on how you distribute the invitation codes. If you write the code on the whiteboard in your lab then only someone with access to that room can use it. If you send it out to a mailing list then only members of that list can use it (until someone shares it with someone else who is not on the list). The goal here is not strict security so much as a way for a new project to limit account creation to a restricted set of users while the project is getting started.