Francis Mars's avatar
Francis Mars francismars@chainduel.net 1 week ago
I don't know if Umbrel is fully to blame here as they provide mechanisms of defense such as requiring authentication in umbrel to access certain apps but also providing variables that apps can use for situations like these like ${APP_PASSWORD}, for example.
↑ Parent

Replies (1)

bumi's avatar
bumi michael@getalby.com 1 week ago
I don't think anybody is to blame. It is a valid point for apps that expose APIs to NOT require an umbrel login (otherwise they can not work and can not be used) and it is also a valid point to say that apps must require an umbrel login (if you're a user not using the API). Just depends on how you want to see and use it. both are valid. it's also important to mention that this is not in lnbits nor albyhub. it's a combination with them and umbrel.