Really neat, was hoping someone would build something like this. I’m not the biggest fan of the default Lemmy skin.
But the login is a bit sketchy… I checked the network, and logging in just sends your credentials to their site (POST https://mlmym.org/programming.dev/) with the password in cleartext.
Not saying that the developer has any bad intentions, but if anything is misconfigured, like nginx logging incoming requests or something, it would be a security disaster if someone would somehow be able to access it.
I don’t know if this is a limitation of Lemmy / ActivityPub but I’d prefer if the auth happened directly to the Lemmy instance.
Yeah, I’d be hesitant to ever log in to a third-party client I couldn’t self-host. Hopefully OAuth might be a future feature for Lemmy.