security #5
Description
it is impossible to write a secure fedi server
like just HTTP alone you have to deal with zip bombs, the risk of a fake infinite slow stream, and revealing your IP
activitypub itself is the most vague spec of all time and you will forget to implement something
don't forget about the emmaverse incident
combine this with the type of people who currently use fedi, and moron.center is fucked the moment someone discovers who made mollermethod