this post was submitted on 06 Jul 2023
32 points (97.1% liked)
Programming.dev Meta
2479 readers
29 users here now
Welcome to the Programming.Dev meta community!
This is a community for discussing things about programming.dev itself. Things like announcements, site help posts, site questions, etc. are all welcome here.
Links
Credits
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Really neat, was hoping someone would build something like this. I'm not the biggest fan of the default Lemmy skin.
But the login is a bit sketchy... I checked the network, and logging in just sends your credentials to their site (POST https://mlmym.org/programming.dev/) with the password in cleartext.
Not saying that the developer has any bad intentions, but if anything is misconfigured, like nginx logging incoming requests or something, it would be a security disaster if someone would somehow be able to access it
I don't know if this is a limitation of Lemmy / ActivityPub but I'd prefer if the auth happened directly to the Lemmy instance.
Yeah, I'd be hesitant to ever login to a third party client I couldn't self host. Hopefully O-Auth might be a future feature for Lemmy.