Conversation

Notices

1. Embed this notice
   Unattributed 👤 ☑ (unatributed@mastodon.social)'s status on Monday, 29-Apr-2024 17:28:57 JST Unattributed 👤 ☑

   • Daniel Supernault

   @dansup
   What's going to stop a man in the middle style attack and allow some to grab email / password pairs?

   • Embed this notice
     Cairo Braga [toot] (cairobraga@toot.cairobraga.com)'s status on Monday, 29-Apr-2024 17:37:28 JST Cairo Braga [toot]

     • Daniel Supernault

     @dansup will Loops work as a Web app/PWA?

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Monday, 29-Apr-2024 21:20:44 JST Evan Prodromou

     • Daniel Supernault

     @dansup hey, Dan! The minor difficulty for users in entering their server name is vastly outweighed by having a SPOF in the central auth server. I'd say, don't do this.

   • Embed this notice
     Unattributed 👤 ☑ (unatributed@mastodon.social)'s status on Tuesday, 30-Apr-2024 03:36:49 JST Unattributed 👤 ☑

     • Daniel Supernault

     @dansup definitely better, but as has been pointed out might be gdpr issue.

   • Embed this notice
     Unattributed 👤 ☑ (unatributed@mastodon.social)'s status on Tuesday, 30-Apr-2024 03:57:56 JST Unattributed 👤 ☑

     • Daniel Supernault

     @dansup second thought... What if you just asked for the user ID, then have an API that broadcasts to all registered servers, if one of them acknowledges having the ID redirect to that server for password prompt.

     Could also shortcut this by seeing a cookie with the url of the server the use is registered on as well.