Lemmy Support

4654 readers

20 users here now

Support / questions about Lemmy.

Matrix Space: #lemmy-space

founded 5 years ago

MODERATORS

[email protected]

Authentify users from other instances (lemmy.mindoki.com)

submitted 1 year ago by [email protected] to c/[email protected]

12 comments fedilink hide all child comments

Hello !

When someone connects to my instances communities, but from another instance, how do I know it's no spoofing involved?

Cheers

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 1 year ago

It should be a signature that is sent together with the ActivityPub Object. Yes, if the signature doesn't match, the content, whether a post, comment, favorite, upvote, etc... should be dropped.

Here is the source code of the library that lemmy uses to handle incoming objects and you can see that it does a call to verify the signature of the actor:

https://docs.rs/activitypub_federation/latest/src/activitypub_federation/actix_web/inbox.rs.html#18-54