cybersecurityEnglish · 7 months ago

knowing when to trust a login page on a Cloudflare site

8

11

knowing when to trust a login page on a Cloudflare site

cybersecurityEnglish · 7 months ago

8

Question for people willing to visit Cloudflare sites:

How do you determine whether to trust a login page on a CF site? A sloppy or naïve admin would simply take the basic steps to putting their site on Cloudflare, in which case the authentication traffic traverses CF. Diligent admins setup a separate non-CF host for authentication.

Doing a view-source on the login page and inspecting the code seems like a lot of effort. The source for the lemmy.world login page is not humanly readable. It looks as if they obfuscated the URLs to make them less readable. Is there a reasonably convenient way to check where the creds go? Do you supply bogus login info and then check the httpput headers?

Chat

coffeeCleanOP
link
fedilink
English
arrow-up
2
arrow-down
1·
edit-2
7 months ago
It’s not always the case though. If you look at vivaldi.net and stackexchange, the creds take a CF-free path.

cybersecurity

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !cybersecurity@infosec.pub

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
13 users / week
59 users / month
888 users / 6 months
732 local subscribers
3.22K subscribers
410 Posts
1.38K Comments
Modlog