this post was submitted on 04 Aug 2023


Found this when logging into the Lemmy.world Place canvas

https://canvas.toast.ooo/

Saik0Shinigami@lemmy.saik0.com -1 points 2 years ago

While the login system works...

It's ripe for abuse though. DMs are federated traffic and are not cryptographically secured in any form. So in theory a bad actor instance admin could spawn unlimited accounts and log in... Or just sniff incoming requests from whatever instance this traffic is spawned from and obtain the login code.

For something like this, probably fine... But I wouldn't use it for anything else, nor would I trust any app that does use this system.