[OSM-dev] API suggestion - "authorise"?

DavidD thewinch at gmail.com
Sat Nov 17 15:25:38 GMT 2007


On 17/11/2007, Lambertus <osm at na1400.info> wrote:

> As a side note, I agree that using plain HTTP for authentication is not very
> secure. But common sense dictates the use of different passwords for every
> account, so in case the OSM authentication request gets intercepted it won't
> do much harm.

I think a bigger problem is that the third party site itself could
potentially log valid user credentials.
OSM logins themselves are probably not that valuable, but how many
would you need before you found one that was also a PayPal login? Sure,
people should use different passwords, but remembering lots of
passwords is hard, so there will always be people who don't.

I guess it makes me a bit uncomfortable because it appears to
undermine the general message of never using login credentials on a
third party site.

-- 
DavidD



