- cross-posted to:
- uiux@programming.dev
- cross-posted to:
- uiux@programming.dev
cross-posted from: https://programming.dev/post/428156
Discovered from this Hacker News post:
cross-posted from: https://programming.dev/post/428156
Discovered from this Hacker News post:
Really neat, was hoping someone would build something like this. I’m not the biggest fan of the default Lemmy skin.
But the login is a bit sketchy… I checked the network, and logging in just sends your credentials to their site (POST https://mlmym.org/programming.dev/) with the password in cleartext.
Not saying that the developer has any bad intentions, but if anything is misconfigured, like nginx logging incoming requests or something, it would be a security disaster if someone would somehow be able to access it
I don’t know if this is a limitation of Lemmy / ActivityPub but I’d prefer if the auth happened directly to the Lemmy instance.
Yeah, I’d be hesitant to ever login to a third party client I couldn’t self host. Hopefully O-Auth might be a future feature for Lemmy.