Comment on App to schedule posts on Lemmy
Trakata@lemmy.ca 10 months agoI don’t store your password if that’s what you’re asking! …
The JWT token is not stored on the server, it’s only in a cookie in your browser.
When you schedule a post, the post details, your instance, your username and your JWT token are stored in a job…
You’re simply storing secrets on the server and running it by proxy, nothing prevents you from extracting those JWTs from the job stores and actioning them against an arbitrary Lemmy API with crafted calls.
rikudou@lemmings.world 10 months ago
Yup, that’s right. I don’t do that, though. Which obviously you’ll have to trust me on (or don’t and don’t use it). It has been open sourced now, but that still doesn’t solve it and I’m obviously not gonna go and give people production access to my AWS account.
I’m not saying you must use it, I’m just giving it here in case anyone wants to.
Trakata@lemmy.ca 10 months ago
No, thanks.
Fluba@lemdro.id 10 months ago
Do you have a recommendation for how OP can change things so you’re satisfied with your privacy?
Trakata@lemmy.ca 10 months ago