• Turun@feddit.de
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 months ago

    Are updates authenticated? Or can I send an update to lemmy.world from 123.123.123.123 (which is not the IP address of feddit.de) that you have edited your comment to say “I don’t like pizza”?

    If updates are not authenticated this really could be a big problem.

    • SorteKaninA
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      8 months ago

      You cannot do that, no. Edits are authenticated in the sense that the request must come from the instance of the user.

      Your admin could in principle send such a request for you. But then you’re talking about a malicious admin and then all bets are off. Obviously admins are in full control of everything on their own instance, including being able to edit their own users stuff. Not that any reasonable admin would do that.