🇨🇦Samuel Proulx🇨🇦
@fastfinge@interfree.ca
@Ree @sun Yes exactly. Better to make sure that even if it, say, hands out the password to its XMPP account, nobody can log into that account anyway, because it's protected by an IP allow list. And the XMPP server is a different machine, so it can't add your IP to the allow list even if it wants to. Same for API keys and so on. Assume it will give them to any random jerk who puts up a webpage that asks it to. Make sure they can't do anything with those keys.