lemmysmash

joined 3 years ago
[–] [email protected] 1 points 3 years ago (1 children)

I'm about to host a lemmy instance and I'm worried about such incidents.

we have yet to code purging dangling pictrs

Would you please explain what dangling pics are and how to delete them?

I'm no security expert but I've noticed Discourse has a security policy.

It documents various possible attacks like XSS:

when a forum staff member edits a user's post, seeing the raw markup, where a malicious user may have inserted code to run JavaScript.

Or CSRF:

CSRF allows malicious sites to perform HTTP requests in the context of a forum user without their knowledge -- mostly by getting users who already hold a valid forum login cookie to click a specific link in their web browser.

I wonder how lemmy handles such security attacks?

@[email protected]

@[email protected]

[–] [email protected] 3 points 3 years ago* (last edited 3 years ago) (1 children)

What's the point of banning users if their posts are still readable, for example:

https://lemmy.ml/u/redyeppit