@[email protected] to lemmy.ml [email protected] • 1 year agoI'm going to assume the admins here all have 2FA on their accounts, right?message-square25fedilinkarrow-up158arrow-down12file-text
arrow-up156arrow-down1message-squareI'm going to assume the admins here all have 2FA on their accounts, right?@[email protected] to lemmy.ml [email protected] • 1 year agomessage-square25fedilinkfile-text
minus-squareTheSaneWriterlinkfedilink3•1 year agoThe servers should theoretically have a way to murder the tokens, but I’m not sure how Lemmy has implemented authentication so I don’t know for sure.
minus-square@[email protected]linkfedilink3•1 year agoLooks like you’re right, admins will just need to update the JWT secret.
minus-squareTheSaneWriterlinkfedilink1•1 year agoThat makes sense. Of course, updating the secret will log everyone out, but that’s a small price to pay to fix an admin breach.
The servers should theoretically have a way to murder the tokens, but I’m not sure how Lemmy has implemented authentication so I don’t know for sure.
Looks like you’re right, admins will just need to update the JWT secret.
That makes sense. Of course, updating the secret will log everyone out, but that’s a small price to pay to fix an admin breach.