The CPID is explicitly designed to prevent enumerating email addresses (otherwise we could have just used md5(email)), so I guess the inability to look up an account by email address alone is also intentional.
-- Nicolás > El 15 jun 2017, a las 09:18, Greg Agnew <[email protected]> escribió: > > Hi everyone, I have some problems with the WebRPC API. > > I am developing software that would pull users credit information from each > project. > > The problem I have is accessing that credit information using their e-mail > address. It has to be e-mail address so that I can confirm the owner of the > credit is the same owner as the e-mail. (Sending them an e-mail activation > link). > > Then use the user id to access the show_user call. The only other way to > get credit information is requiring the authentication string. > > Currently the only way to confirm email to userid is using the > authentication string with am_get_info. > Since the authentication string contains the users e-mail this is redundant. > > The authentication should not be required because it is an obvious security > flaw as it exposes their accounts entirely to me. > > I should be able to confirm the userid to email without requiring the > authentication string. Then use the userid to lookup credit information. > > EG: > > project/[email protected] > > Should return: > > <account_out> > <userid>123</userid> > <success/> > </account_out> > > > This would allow me to accept emailAddress and userID at a third party > website, and confirm that they are connected within your project. > > Thanks in advance, > > Greg > _______________________________________________ > boinc_dev mailing list > [email protected] > https://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev > To unsubscribe, visit the above URL and > (near bottom of page) enter your email address. _______________________________________________ boinc_dev mailing list [email protected] https://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
