this post was submitted on 26 Sep 2024
16 points (100.0% liked)

Photon

285 readers
1 users here now

Photon for Lemmy

A client for the fediverse designed to be intuitive, fast, and beautiful.

Share your themes, ask questions, report bugs, or check on the latest updates here!

You can contact the dev at @[email protected].

Rules

  1. Posts must be related to Photon in any way
  2. Don't be mean
  3. If your post is a bug report, please preface the title with [solved] if it's been fixed.

founded 1 year ago
MODERATORS
 

this security issue can only be triggered by users fault, but it's up to the UI designer to prevent user mistakes causing potential credential leaks.

The login page

The login page is designed to be as simple as possible. Only 1 page, no extra steps. It'll validate whatever instance url you type in to ensure it's actually a Lemmy instance.

The problem

If the user mistypes the instance url to a typo squatting instance, your credentials were just sent straight to them. Bad. For example, I could setup an instance named lemmu.world, and if someone accidentally mistypes lemmy.world as that, I get their credentials for free.

Potential solutions

I'm not sure which one would be best as they all have problems.

  • Require you to type the instance before you can start typing your credentials.
    • This complicates things and adds an extra step. This also wouldn't completely solve the problem.
  • Add an auto complete list
    • This will work for popular instances as they'll know that they have the wrong url because it disappeared from the auto complete. However, I'd need to keep this list updated and id prefer photon to have minimal external ties. This also wouldn't work for small instances.
  • Add typo checking
    • This has the same problem as above as I'd need to keep common misspellings updated and I want photon to have minimal external ties.

Any ideas? For now, this isn't a problem as long as you double check the instance you're logging in with, and there's no cases of this AFAIK.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] ElectroVagrant 4 points 2 months ago (1 children)
  • Require you to type the instance before you can start typing your credentials.
    • This complicates things and adds an extra step. This also wouldn't completely solve the problem.

First thought in a similar vein to this, have a pause for credential & instance review before passing them along?

E.g. Type everything in as-is, but instead of log in promptly sending anything, it displays all the information you just entered again with some simple message like, "Does everything here look correct?" and Yes/No or something of the sort.

It complicates things and adds a step as well, however I think it would do a better job of encouraging people to double-check for any typos than what you mention in what I've quoted above. Bonus of this idea is that it also keeps external ties to a minimum.

[โ€“] [email protected] 4 points 2 months ago

I'll probably go with this. Thanks!