Lemmy Support

4654 readers

20 users here now

Support / questions about Lemmy.

Matrix Space: #lemmy-space

founded 5 years ago

MODERATORS

[email protected]

Authentify users from other instances (lemmy.mindoki.com)

submitted 1 year ago by [email protected] to c/[email protected]

12 comments fedilink hide all child comments

Hello !

When someone connects to my instances communities, but from another instance, how do I know it's no spoofing involved?

Cheers

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 1 year ago (11 children)

Messages are sent with a digital signature that only the original instance could craft.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (6 children)

Okay so it's the lemmt server running my instance that checks it is the right user. Do you know how it is done ?

I reread your post, so it's a signature in the http call?

[–] [email protected] 3 points 1 year ago

It should be a signature that is sent together with the ActivityPub Object. Yes, if the signature doesn't match, the content, whether a post, comment, favorite, upvote, etc... should be dropped.

Here is the source code of the library that lemmy uses to handle incoming objects and you can see that it does a call to verify the signature of the actor:

https://docs.rs/activitypub_federation/latest/src/activitypub_federation/actix_web/inbox.rs.html#18-54

load more comments (5 replies)

load more comments (9 replies)