General Dev>In The News

False security: Dashy's client-side authentication

CommunityNews

CommunityNews

False security: Dashy's client-side authentication

False security: Dashy’s client-side authentication.
Update 3/28: The devs have announced that the auth system is to be deprecated. See details below.
About a month ago, I went looking for a dashboard for my homelab—something to help visualize the services I run. I found Dashy, a popular (14.6k GitHub stars) dashboard designed for self-hosters. I deployed it and started configuring it, but noticed that something about its authentication felt off. I started digging and quickly found its security to be borderline useless, permitting unauthenticated reads and writes of its configuration.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

View thread on forum
/security#authentication
0 269 0

Popular General Dev topics Top

AstonJ
General Dev>In The News

Steve Wozniak sues YouTube over Bitcoin scam
Apple co-founder Steve Wozniak is suing YouTube for allegedly allowing scammers to use images and videos of him to defraud people. The s...
bbc.co.uk
#google#youtube#bitcoin
13 1036 8
New
First poster: OvermindDL1
General Dev>In The News

My new toy is a USB-C cable with a built-in power meter
You can now buy a 100W USB-C cable with a built-in power meter. They’re just $20 on Amazon, and they work!
theverge.com
#usb
26 1309 12
New
First poster: joeb
General Dev>In The News

Safari now supports File System Access API with private origin
The File System Access API with Origin Private File System. WebKit supports new API that makes it possible for web apps to create, open,...
webkit.org
#api#safari
43 2899 21
New
First poster: dimitarvp
General Dev>In The News

A career ending mistake
A career ending mistake — Bitfield Consulting. As software engineers, we’re constantly making detailed, elaborate plans for computers to...
bitfieldconsulting.com
#career
22 939 8
New
CommunityNews
General Dev>In The News

Why study functional programming?
…or, “why make programming even harder?” Learning functional programming is an opportunity to discover a new way to represent programs, t...
acm.wustl.edu
#programming
4 738 1
New
First poster: bot
General Dev>In The News

The cheapest flash microcontroller you can buy is actually an Arm Cortex-M0+
The cheapest flash microcontroller you can buy is actually an Arm Cortex-M0+ - Jay Carlson. Puya’s 10-cent PY32 series is complicating t...
jaycarlson.net
#arm
0 1022 0
New
First poster: bot
General Dev>In The News

A reason why Mac speakers sound better and louder than most
Hector Martin (@marcan@treehouse.systems). Attached: 1 image For those wondering why the hell we need all this safety system stuff for...
social.treehouse.systems
0 849 0
New
First poster: KnowledgeIsPower
General Dev>In The News

Building a Slack alternative with Rust/Tauri
Building a Slack/Discord alternative with Tauri/Rust linen <span class="hashtag-icon-placeholder"></span>blog. Introduction My name is K...
linen.dev
/rust#slack#tauri
1 865 1
New
First poster: DevotionGeo
General Dev>In The News

To avoid being replaced by LLMs, do what they can't
To avoid being replaced by LLMs, do what they can’t. What LLM’s can’t do yet
seangoedecke.com
17 233 7
New
CommunityNews
General Dev>In The News

Deepseek - starting this week we'll open-source 5 repos
We’re a tiny team @deepseek-ai pushing our limits in AGI exploration. Starting this week , Feb 24, 2025 we’ll open-source 5 repos – one ...
github.com
#github/deepseek
1 292 0
New

Other popular topics Top

AstonJ
General Dev>Code Editors

Poll: Which code editor do you use?
You might be thinking we should just ask who’s not using VSCode :joy: however there are some new additions in the space that might give V...
#community#polls/vim/emacs#code-editors/vscode#notepad/sublime-text#atom/textmate#codespaces#brackets/onivim#geany
105 4492 50
New
PragmaticBookshelf
Community>In The Spotlight

Spotlight: Noel Rappin (Author)
“Finding the Boundaries” Hero’s Journey with Noel Rappin @noelrappin Even when you’re ultimately right about what the future ho...
#author-spotlight#web-development/rails/book-modern-front-end-development-for-rails/book-rails-5-test-prescriptions
34 3716 21
New
AstonJ
Backend>Chat

Rails console using 100% CPU in dev (fix)
If you are experiencing Rails console using 100% CPU on your dev machine, then updating your development and test gems might fix the issu...
/ruby/rails
3 3553 3
New
PragmaticBookshelf
Backend>Learning Resources

Programming Phoenix LiveView
Build highly interactive applications without ever leaving Elixir, the way the experts do. Let LiveView take care of performance, scalabi...
pragprog.com
#pragprog/elixir/phoenix#published-book/book-programming-phoenix-liveview
61 3322 14
New
mafinar
Backend>Chat

Data Structures and Algorithms with Elixir
This is going to be a long an frequently posted thread. While talking to a friend of mine who has taken data structure and algorithm cou...
/elixir#algorithms#data-structures
108 8978 31
New
AstonJ
Science/Tech>Health & Diet

David Sinclair's new Lifespan podcast
We’ve talked about his book briefly here but it is quickly becoming obsolete - so he’s decided to create a series of 7 podcasts, the firs...
#health#podcasts#bio-hackers#david-sinclair
87 5847 49
New
First poster: bot
General Dev>In The News

Zig now has built-in HTTP server and client in std
zig/http.zig at 7cf2cbb33ef34c1d211135f56d30fe23b6cacd42 · ziglang/zig. General-purpose programming language and toolchain for maintaini...
github.com
/zig#http
0 2600 0
New
PragmaticBookshelf
Community>In The Spotlight

Spotlight: Bruce Tate (Author) Interview and AMA!
Author Spotlight: Bruce Tate @redrapids Programming languages always emerge out of need, and if that’s not always true, they’re defin...
/elixir/ruby/phoenix#book-seven-moreuages-in-seven-weeks#book-sevenuages-in-seven-weeks#liveview/book-programming-phoenix-liveview
54 4432 23
New
CommunityNews
General Dev>In The News

Review of Linux on Minisforum V3 AMD Ryzen Tablet
A Brief Review of the Minisforum V3 AMD Tablet. Update: I have created an awesome-minisforum-v3 GitHub repository to list information fo...
mudkip.me
#linux#review#amd
0 1496 0
New
AstonJ
AI>Chat

Post your DeepSeek results
Curious what kind of results others are getting, I think actually prefer the 7B model to the 32B model, not only is it faster but the qua...
/deepseek
15 849 15
New
Back to top

Latest in Security

Security Portal

General Dev>In The News

General Dev In The News

Latest on Devtalk

Devtalk

We ❤️ helpful members!

We reward our most helpful members via our MOTM scheme - by giving away a whopping 25 books per year!

Member of the Month

Devtalk Sponsors

Pragmatic Bookshelf

Practical resources that improve the lives of professional developers.

Erlang Solutions

We build trusted fault-tolerant systems that scale to billions of users.

Honeybadger

Real-time error tracking, performance insights, and observability for devs.

Manning Publications

Develop your skills with books, videos, and courses.

AppSignal

Catch errors, track performance, monitor hosts and more.

WyeWorks

Enabling companies to succeed by building software people love.

Pragmatic Studio

Courses that'll move you from confusion to "Aha, now I get it!"

View all our sponsors ❯

Categories:

Sub Categories:

Popular Portals

Devtalk Sponsors

Pragmatic Bookshelf

Practical resources that improve the lives of professional developers.

Erlang Solutions

We build trusted fault-tolerant systems that scale to billions of users.

Honeybadger

Real-time error tracking, performance insights, and observability for devs.

Manning Publications

Develop your skills with books, videos, and courses.

AppSignal

Catch errors, track performance, monitor hosts and more.

WyeWorks

Enabling companies to succeed by building software people love.

Pragmatic Studio

Courses that'll move you from confusion to "Aha, now I get it!"

View all our sponsors ❯

We're in Beta

About us Mission Statement See our Roadmap