On 7/21/23, Undescribed Horrific Abuse, One Victim & Survivor of Many <[email protected]> wrote: > ------------------------- > [to repeat the problem, when i reviewed the provider client and server > code for akash (partial report linked in second reply to [crazy?] > tagged thread on this list) i did not see them verifying the other > party's certificates. [this means a malicious party could log in]. _i > make many mistakes and see many things wrongly_. the server code > really looks wrong. [my highly paranoid guess as to what is wrong is > that the certificate verification code could have been excised.]]
[sorry, it's the client code, which i looked at more, that really looks wrong to me, not the server code; the client code issue does not provide for malicious log in.]
