Sorry. I was misleading there. I edited it. The password is hashed and salted. I meant that an admin can collect the password in plaintext only if they wanted to.
I didn’t look at Lemmy’s source but I’m pretty sure it is hashed. The thing is, the password is hashed in the database only to protect users in case the database gets hacked. But a bad admin of the server can always just change the code and nobody would know. When it comes to websites, open source doesn’t provide any additional security, since everything that happens on the server is a black box. I’m not an expert on this though. Correct me if I’m wrong.
It’s not just upvotes and downvotes. The instance admin also knows your email and can store your password in plaintext if they want to. It’s up to the user to decide whether to trust the instance admin.
Originalio