What is the security risk of using wefwef.app?
See title. When logging into wefwef.app, does the dev have access to my account credentials or session tokens? Should we all self host our own?
View original on lemmy.world
See title. When logging into wefwef.app, does the dev have access to my account credentials or session tokens? Should we all self host our own?
No. https://lemmy.world/post/631486
Sounds like the session token and credentials pass through wefwef servers but aren't stored locally so theoretically they (the dev or wefwef server owner) could capture that info, correct?
Looks like that's how it is till they can figure out the CORS issue. The dev does go on to say you are free to self-host if you feel it is a security issue