Public
- Public
- Network
- Groups
- Popular
- People

Conversation

Notices

:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: (kaniini@pleroma.site)'s status on Thursday, 21-Mar-2019 13:19:15 JST :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd:
- :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd:
did you know that in Mastodon, every time you use the web client with new localStorage it requests a new OAuth token?
did you know that Mastodon mobile apps cannot be trusted to refresh the token?
did you know Pleroma has to emulate this security hole for app compatibility?
it’d be nice if we could actually fix this gaping security hole…

In conversation Thursday, 21-Mar-2019 13:19:15 JST from pleroma.site permalink
- ? Himawari Prodromou repeated this.
- :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: (kaniini@pleroma.site)'s status on Thursday, 21-Mar-2019 13:17:23 JST :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd:
  
  *mutters something about fixing OAuth token security issues instead of redesigning the mastodon profile view*
  
  In conversation Thursday, 21-Mar-2019 13:17:23 JST permalink
  
  ? Himawari Prodromou repeated this.
- :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: (kaniini@pleroma.site)'s status on Thursday, 21-Mar-2019 13:20:56 JST :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd:
  in reply to
  
  the one thing i hate more than security holes is supporting security holes for compatibility reasons
  
  In conversation Thursday, 21-Mar-2019 13:20:56 JST permalink
  
  ? Himawari Prodromou repeated this.

Feeds