this security issue can only be triggered by users fault, but it’s up to the UI designer to prevent user mistakes causing potential credential leaks.

The login page

The login page is designed to be as simple as possible. Only 1 page, no extra steps. It’ll validate whatever instance url you type in to ensure it’s actually a Lemmy instance.

The problem

If the user mistypes the instance url to a typo squatting instance, your credentials were just sent straight to them. Bad. For example, I could setup an instance named lemmu.world, and if someone accidentally mistypes lemmy.world as that, I get their credentials for free.

Potential solutions

I’m not sure which one would be best as they all have problems.

  • Require you to type the instance before you can start typing your credentials.
    • This complicates things and adds an extra step. This also wouldn’t completely solve the problem.
  • Add an auto complete list
    • This will work for popular instances as they’ll know that they have the wrong url because it disappeared from the auto complete. However, I’d need to keep this list updated and id prefer photon to have minimal external ties. This also wouldn’t work for small instances.
  • Add typo checking
    • This has the same problem as above as I’d need to keep common misspellings updated and I want photon to have minimal external ties.

Any ideas? For now, this isn’t a problem as long as you double check the instance you’re logging in with, and there’s no cases of this AFAIK.

  • @[email protected]
    link
    fedilink
    English
    12 months ago

    I’d say you should have a list of pre approved instances and then give a little warning when an instance is not on the list.