PS. Site.js makes it very simple to hack together a secure admin page for your small web app using a cryptographically secure secret route without requiring you to build a role management system with passwords, etc. Perfect if you’re the only one to access it.
@aral Uhm, no?
Just because you have a secret in that URL, doesn't automatically mean it's secure. The opposite is the case, due to that it's explicitly not secure.
This is a token-based authentication and it stores a long-term token in a URL. Besides the risk of exposing this URL through sending it somewhere by accident, it is automatically stored in your browser history (unless adjusted).
@sheogorath Yes, it’s secure unless you share it or if you access it on a non-private session on a public machine.
If that’s not acceptable for your threat model, sure. For mine, it’s perfectly adequate.
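The secret-route pattern debated in this thread, as an added example that is not part of any post above and does not use Site.js's own API. It uses only Node's standard library; the `/admin/` prefix and all function names are assumptions, and the token is a constructed sample generated at run time.

```javascript
// Added example: a secret admin route with the leak channels narrowed.
const crypto = require('node:crypto');

// 32 random bytes from the CSPRNG -> 64 hex characters in the path.
// A real app would generate this once and persist it (assumption).
function newSecretRoute() {
  return '/admin/' + crypto.randomBytes(32).toString('hex');
}

// Compare the request path to the secret route in constant time.
// Hashing both sides gives timingSafeEqual equal-length buffers.
function isSecretRoute(requestUrl, secretRoute) {
  let path;
  try {
    path = new URL(requestUrl, 'http://localhost').pathname;
  } catch {
    return false; // unparseable request target
  }
  const a = crypto.createHash('sha256').update(path).digest();
  const b = crypto.createHash('sha256').update(secretRoute).digest();
  return crypto.timingSafeEqual(a, b);
}

// Response headers that keep the URL out of Referer headers,
// shared caches and search indexes.
const ADMIN_HEADERS = {
  'Referrer-Policy': 'no-referrer',
  'Cache-Control': 'no-store',
  'X-Robots-Tag': 'noindex, nofollow',
};

// Access logs are another place a long-term URL token ends up.
function redactForLog(requestUrl, secretRoute) {
  return isSecretRoute(requestUrl, secretRoute) ? '/admin/[redacted]' : requestUrl;
}

// Answer 404 (not 401/403) so a wrong guess reveals nothing about the route.
function handle(requestUrl, secretRoute) {
  if (!isSecretRoute(requestUrl, secretRoute)) {
    return { status: 404, headers: {}, body: 'Not found' };
  }
  return { status: 200, headers: ADMIN_HEADERS, body: 'admin page' };
}
```

None of these headers removes the URL from the local browser history, which is the exposure the reply points to; that part depends on where and how the page is opened.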