by apitman
976 days ago
This looks great! I will definitely be taking a close look. Only thing I noticed with a quick try is that portier allows both a magic link and code for passwordless email login. Magic links are much more vulnerable to attack than codes because the email providers and anyone who may have access to your email can hijack your login from any location. I think it's fine to provide magic links but that choice should be the user's option when they enter their email, after warning them of the security implications. EDIT: They actually address this in their non-goals document[0] but disagree with the decision, since many users may not realize the tradeoffs. [0]: https://github.com/portier/portier.github.io/blob/main/Non-G...
Right away, a partial mitigation for current versions of Portier is to modify the `email_*.mustache` templates to remove the link. But a second piece of information Portier leaks is simply which sites you're logging into. That's right in the subject for Portier, and not something you can customize for current versions.
I think it's worth trying to harden against this type of attack, but I'm worried the effect is limited. There's often nothing stopping someone from simply starting the login process / creating a new session, so an attacker just has to know where, and there are a bunch of ways to find out.
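The distinction both comments turn on (a code typed into the browser that started the login versus a link that completes it from anywhere) comes down to whether the challenge is bound to the originating session. The following is an added illustration, not Portier's code: a minimal server-side flow in which the e-mail carries only a one-time code, and the login can only be completed from the session that requested it. The `_challenges` dict, the 10-minute TTL and the attempt budget are constructed for the example.

```python
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

CODE_TTL_SECONDS = 600      # challenge expires after 10 minutes (assumed value)
MAX_ATTEMPTS = 5            # lock the challenge after repeated wrong codes (assumed value)

# In-memory challenge store keyed by an opaque challenge id; constructed for
# this example, a real deployment would use the server-side session store.
_challenges: Dict[str, dict] = {}


def start_login(email: str, browser_session: str, now: Optional[float] = None) -> Tuple[str, str]:
    """Begin a passwordless login from one specific browser session.

    Returns (challenge_id, code). Only the code goes into the e-mail; the
    challenge id stays with the browser that started the flow. Because the
    e-mail carries no link, reading it is not enough to finish the login.
    """
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"    # 6-digit one-time code
    challenge_id = secrets.token_urlsafe(16)
    _challenges[challenge_id] = {
        "email": email,
        "session": browser_session,   # binds the challenge to its origin
        "code": code,
        "expires": now + CODE_TTL_SECONDS,
        "attempts": 0,
    }
    return challenge_id, code


def finish_login(challenge_id: str, browser_session: str, code: str, now: Optional[float] = None) -> Optional[str]:
    """Complete the login; returns the verified e-mail, or None on failure.

    Succeeds only from the session that started the flow, before expiry,
    within the attempt budget, and with the right code. Someone who only
    controls the mailbox has the code but no matching session, so the
    any-location hijack described in the thread does not apply.
    """
    now = time.time() if now is None else now
    ch = _challenges.get(challenge_id)
    if ch is None or not hmac.compare_digest(ch["session"], browser_session) or now > ch["expires"]:
        return None
    ch["attempts"] += 1
    if ch["attempts"] > MAX_ATTEMPTS:
        _challenges.pop(challenge_id, None)      # too many guesses: discard
        return None
    if not hmac.compare_digest(ch["code"], code):
        return None
    _challenges.pop(challenge_id)                # single use
    return ch["email"]
```

A magic link is the same flow with the challenge id placed in the e-mail instead of the browser, which is exactly what lets any mailbox reader finish it.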