wiki:ProjectSecurity

Project security

Before creating a BOINC project, read about security issues in volunteer computing. BOINC provides mechanisms that address the major issues, making volunteer computing safe both for you and for participants.

If you don't use these mechanisms correctly, your project will be vulnerable to a variety of attacks. In the worst case, your project could be used as a vector to distribute malicious software to large numbers of computers. This would be fatal to your project, and would cause serious damage to volunteer computing in general.

We recommend that you do the following:

  • Secure each of your server computers as much as possible. Read and implement the UNIX Security Checklist 2.0 from AusCERT and CERT/CC.
  • Put all server computers behind a firewall that lets through minimal traffic (e.g., HTTP and SSH where needed).
  • Read about MySQL general security guidelines, and make your MySQL server as secure as possible.
  • Make sure your application doesn't become infected. Secure your source-code repository, and examine all checkins. If your application uses third-party libraries, make sure they're safe. Read about Secure Programming for Linux and Unix, especially if your application does network communication.
  • Use BOINC's code-signing mechanism, and use a disconnected and physically secure code-signing computer.
Last modified 18 years ago Last modified on Apr 27, 2007, 12:28:17 PM