tryagain@lemmy.ml to lemmy.ml meta@lemmy.ml · 1 year agoI'm going to assume the admins here all have 2FA on their accounts, right?message-squaremessage-square26fedilinkarrow-up158arrow-down12file-text
arrow-up156arrow-down1message-squareI'm going to assume the admins here all have 2FA on their accounts, right?tryagain@lemmy.ml to lemmy.ml meta@lemmy.ml · 1 year agomessage-square26fedilinkfile-text
minus-squareTheSaneWriter@lemm.eelinkfedilinkarrow-up3·1 year agoThe servers should theoretically have a way to murder the tokens, but I’m not sure how Lemmy has implemented authentication so I don’t know for sure.
minus-squarespiderplant@infosec.publinkfedilinkarrow-up3·1 year agoLooks like you’re right, admins will just need to update the JWT secret.
minus-squareTheSaneWriter@lemm.eelinkfedilinkarrow-up1·1 year agoThat makes sense. Of course, updating the secret will log everyone out, but that’s a small price to pay to fix an admin breach.
The servers should theoretically have a way to murder the tokens, but I’m not sure how Lemmy has implemented authentication so I don’t know for sure.
Looks like you’re right, admins will just need to update the JWT secret.
That makes sense. Of course, updating the secret will log everyone out, but that’s a small price to pay to fix an admin breach.