I wonder what are suitable methods to protect a Lemmy instance against DDOS attacks.

For example, can we use Cloudflare? Or it could break the federation?

Any ideas/suggestions?

  • @pinknoise
    2 years ago

    Websites usually use transport encryption but the password itself isn’t encrypted. There are authentication schemes that won’t send plaintext passwords (by involving some kind of challenge) but they won’t work without javascript (except http digest access authentication but thats no good) and you shouldn’t ask web-developers to implement them since they will find a way to fuck it up.