Skip Navigation

knowing when to trust a login page on a Cloudflare site

Question for people willing to visit Cloudflare sites:

How do you determine whether to trust a login page on a CF site? A sloppy or naïve admin would simply take the basic steps to putting their site on Cloudflare, in which case the authentication traffic traverses CF. Diligent admins setup a separate non-CF host for authentication.

Doing a view-source on the login page and inspecting the code seems like a lot of effort. The source for the lemmy.world login page is not humanly readable. It looks as if they obfuscated the URLs to make them less readable. Is there a reasonably convenient way to check where the creds go? Do you supply bogus login info and then check the httpput headers?

8

You're viewing a single thread.

8 comments
  • I think you can assume that your credentials go via Cloudflare.

    But the only thing you can do on lemmy is post stuff publicly, and presumably you are using randomised passwords, so what's the cyber security risk?

You've viewed 8 comments.