@darch@neotxt.dk Yup 😅
@darch@neotxt.dk It’s called “test in prod”™ 😅
@lumen@tw.lumen.pink Hey! 👋 Welcome back! 👌
yarnd password change function is insecure by design and should be fixed 🤔
@lumen@tw.lumen.pink Ahh good to know, so less likely to worry about 👌 (hijacking sessions that is)
yarnd password change function is insecure by design and should be fixed 🤔
@mckinley@twtxt.net Agreed!
@lyse@lyse.isobeef.org 500 Internal Server Error for me 😢
@lyse@lyse.isobeef.org Oh wow that’s such a lovely shot! 👌
@abucci@anthony.buc.ci Time to build a modern NNTP with a decent interface? 🤔
@jan6@twtxt.net Welcome back 🤣
yarnd password change function is insecure by design and should be fixed 🤔
@lyse@lyse.isobeef.org Yeah true! Um not even sure how realistic hijacking a session really is? 🤔
@xavavu@twtxt.net Cool 👌
yarnd password change function is insecure by design and should be fixed 🤔
@lyse@lyse.isobeef.org Well basically if you try to reset your password today, it assumes you are a) logged in and b) you are who you say you are. There is no verification of your old password, no identity verification. So if somehow someone managed to hijack your session or something…
@xavavu@twtxt.net It sure does 👌 Also I haven’t seen you around here before, welcome to my pod 🤗