Actually deleting a user account (row in user table) would harm the consistency
of the database, these are referenced everywhere. As BOINC (web) code is not
really good in handling unexpected results of DB queries this would cause
visible problems all over the place.
However a standard procedure ("function") for invalidating accounts that is
made known to users as well as project admins would certainly be of value, and
nowadays would actually be required by the laws of an increasing number of
countries.
I would add a button "delete account" that sets the name to the predefined
string "(account deleted)",.does.something similar with the email address and
modifies the authenticator such that it becomes invalid, but the original value
can still be derived if necessary (e.g. append "_deleted").
A project admin then can still restore (access to) the account when he gets
mailed the original authenticator for verification.
Best,
Bernd
On 7. August 2014 06:30:08 MESZ, David Anderson <[email protected]> wrote:
>I'm not sure a "delete account" function is needed.
>A use can effectively remove his account by setting
>the name and email address to random strings.
>-- David
>
>
>On 06-Aug-2014 3:14 PM, Jord van der Elst wrote:
>> Hi developers,
>>
>> I've taken a longer look at deleting the account at BOINC projects.
>> The option is there in the code, but it's at present disabled, as it
>> isn't fool proof.
>> Now, I'm not saying I can make it fool proof, but...
>>
>> What if when I wanted to delete my account, I press the key to do so,
>> I get the warning pop-up asking me if I really want to do so, I click
>> Yes.
>> That at that time, all that really happens is that the account's
>> authentication key gets removed from the database, that the
>> authentication key is emailed to me --the deleting user-- and to the
>> project administrator (special email address?) but that the account
>is
>> still in the database just not accessible by me? The email to the
>> project administrator will hold the date and time of removal, the
>> authentication key, my email address, my IP address (?) and my
>> (nick)name.
>>
>> Then if I think the next day or week that I want to have my account
>> back, that I can email the administrator, give him the details on the
>> account and the authenticator key, and that all he has to do is add
>it
>> back in the database, and presto everything works again? Of course,
>by
>> also (silently) sending this to the project administrator, we make
>> sure that if someone malicious managed to get his hands on my
>account,
>> and deleted it, that the project administrator is able to put it back
>> without much trouble.
>>
>>
>>
>> -- Jord van der Elst.
>> _______________________________________________
>> boinc_dev mailing list
>> [email protected]
>> http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
>> To unsubscribe, visit the above URL and
>> (near bottom of page) enter your email address.
>>
>_______________________________________________
>boinc_dev mailing list
>[email protected]
>http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
>To unsubscribe, visit the above URL and
>(near bottom of page) enter your email address.
_______________________________________________
boinc_dev mailing list
[email protected]
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and
(near bottom of page) enter your email address.
