Slrpnk instance is down till mid July; they might relaunch their server on piefed.programming.dev
Pro@programming.dev to Technology@lemmy.world · English · 24 days ago

GreenKnight23@lemmy.world · 24 days ago
yes, but those frontends are typically tied closer to the backend than a public API. things like CSRF can help block abuse of the back end.

tfm@europe.pub · 24 days ago
Nope they all use the public API. Even the default Lemmy web client.

GreenKnight23@lemmy.world · 24 days ago
well that’s poor planning and why bots are such a problem. I know CSRF tokens aren’t a silver bullet, but doing nothing to stop them does nothing to stop them.

tfm@europe.pub · 24 days ago
CSRF protection is a security feature not bot prevention. A bot would just need to get a token first.