On 7/21/23, Undescribed Horrific Abuse, One Victim & Survivor of Many <gmkarl@gmail.com> wrote:
------------------------- [to repeat the problem, when i reviewed the provider client and server code for akash (partial report linked in second reply to [crazy?] tagged thread on this list) i did not see them verifying the other party's certificates. [this means a malicious party could log in]. _i make many mistakes and see many things wrongly_. the server code really looks wrong. [my highly paranoid guess as to what is wrong is that the certificate verification code could have been excised.]]
[sorry, it's the client code, which i looked at more, that really looks wrong to me, not the server code; the client code issue does not provide for malicious log in.]