Security concern of displaying the voltage url when tipping?

[sutt]

Displays the voltage node URL when a customer scans the code to tip:

• is this ok from a security perspective?
• is can we control this setting somehow in LNbits (if we wanted to?)
• note that on withdraw, the wallet refers to vercel.app domain as the counterparty

[cmdruid]

An anonymous user cannot login to any existing wallets using that url unless they also have the API keys for the wallet, so there's no security concern for existing wallets.

However, they CAN create their own account on my lnbits instance, as many as they like, and essentially use my lnbits instance for their own purposes, which is not cool.

LNBits doesn't have any options whatsoever to change this, neither does voltage.

Currently I am using the LNBits plugin for LNURL-Pay codes. I may have to implement LNURL-Pay directly, and only send bolt11 invoices to LNBits, to be able to solve this issue.