Pro@programming.dev to Technology@lemmy.worldEnglish · edit-23 个月前Slrpnk instance is down till mid July; they might relaunch their server on piefed.programming.devimagemessage-square91fedilinkarrow-up1552arrow-down115file-text
arrow-up1537arrow-down1imageSlrpnk instance is down till mid July; they might relaunch their server on piefed.programming.devPro@programming.dev to Technology@lemmy.worldEnglish · edit-23 个月前message-square91fedilinkfile-text
minus-squareGreenKnight23@lemmy.worldlinkfedilinkEnglisharrow-up2arrow-down3·3 个月前why does everything need a mobile app?
minus-squaretfm@europe.publinkfedilinkEnglisharrow-up7·3 个月前It’s not just native Apps. Alternative web UIs like Thunder, Photon and Voyager need them too.
minus-squareGreenKnight23@lemmy.worldlinkfedilinkEnglisharrow-up1arrow-down1·3 个月前yes, but those frontends are typically tied closer to the backend than a public API. things like CSRF can help block abuse of the back end.
minus-squaretfm@europe.publinkfedilinkEnglisharrow-up3·3 个月前Nope they all use the public API. Even the default Lemmy web client.
minus-squareGreenKnight23@lemmy.worldlinkfedilinkEnglisharrow-up1arrow-down2·3 个月前well that’s poor planning and why bots are such a problem. I know CSRF tokens aren’t a silver bullet, but doing nothing to stop them does nothing to stop them.
minus-squaretfm@europe.publinkfedilinkEnglisharrow-up4·3 个月前CSRF protection is a security feature not bot prevention. A bot would just need to get a token first.
why does everything need a mobile app?
It’s not just native Apps. Alternative web UIs like Thunder, Photon and Voyager need them too.
yes, but those frontends are typically tied closer to the backend than a public API.
things like CSRF can help block abuse of the back end.
Nope they all use the public API. Even the default Lemmy web client.
well that’s poor planning and why bots are such a problem.
I know CSRF tokens aren’t a silver bullet, but doing nothing to stop them does nothing to stop them.
CSRF protection is a security feature not bot prevention. A bot would just need to get a token first.