I’m not concerned with your code, it’s passable, I’m concerned with you hosting other people’s effective access and leading people into thinking you have secure coding practices in mind when you clearly lied and are being unusually defensive when called out for stating fact about your project.
trakata
- 0 Posts
- 5 Comments
Joined 2 years ago
Cake day: June 12th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Simply don’t use it, this is posted in bad faith attempting to deceive for access credentials.
No, thanks.
I don’t store your password if that’s what you’re asking! …
The JWT token is not stored on the server, it’s only in a cookie in your browser.
When you schedule a post, the post details, your instance, your username and your JWT token are stored in a job…
You’re simply storing secrets on the server and running it by proxy, nothing prevents you from extracting those JWTs from the job stores and actioning them against an arbitrary Lemmy API with crafted calls.
It is severely ironic that your code, schemes and banter are all incredibly basic