this post was submitted on 06 Jul 2023
33 points (97.1% liked)

Programming.dev Meta

2478 readers
1 users here now

Welcome to the Programming.Dev meta community!

This is a community for discussing things about programming.dev itself. Things like announcements, site help posts, site questions, etc. are all welcome here.

Links

Credits

founded 2 years ago
MODERATORS
 

cross-posted from: https://programming.dev/post/428156

Discovered from this Hacker News post:

you are viewing a single comment's thread
view the rest of the comments
[โ€“] RonSijm 8 points 1 year ago (1 children)

Really neat, was hoping someone would build something like this. I'm not the biggest fan of the default Lemmy skin.

But the login is a bit sketchy... I checked the network, and logging in just sends your credentials to their site (POST https://mlmym.org/programming.dev/) with the password in cleartext.

Not saying that the developer has any bad intentions, but if anything is misconfigured, like nginx logging incoming requests or something, it would be a security disaster if someone would somehow be able to access it

I don't know if this is a limitation of Lemmy / ActivityPub but I'd prefer if the auth happened directly to the Lemmy instance.

[โ€“] ruffsl 2 points 1 year ago

Yeah, I'd be hesitant to ever login to a third party client I couldn't self host. Hopefully O-Auth might be a future feature for Lemmy.