Norwegian. In UK.

  • 0 Posts
  • 5 Comments
Joined 1 year ago
Cake day: June 22nd, 2023


  • In theory if there are no security holes, a user account can only mess up its own account.

    Note that what steps you want to take will really depend on who these users are and what you want to achieve. There’s a vast chasm between allowing in, say, friends or colleagues, vs. letting random people on the internet access it. The latter will mean someone will intentionally look for exploits, which means e.g. regularly applying security updates becomes far more pressing.

    If you are letting in random strangers, I’d look into only giving them access within a separate container or ideally virtual machine per user as an extra precaution unless what you’re making available is very stripped down.



  • It’s stupid that it’s not there, though, and I suspect it will get fixed at some point. Basically, some concerns were raised about people using it to doctor timelines (but they can already do that by setting up a single-person instance and messing with the database), and the new instance can validate the signatures of the posts anyway, so they’re no less secure than posts from other accounts received via federation. If anyone is really concerned they could slap an “imported from …” banner on old/migrated posts so people are aware they were not originally posted there.