[josm-dev] shocking - unsecure password sending!

Frederik Ramm frederik at remote.org
Thu Oct 1 10:26:04 BST 2009


Hi,

Valent Turkovic wrote:
>> A token gets generated on the database server (or transmitted to
>> it) and it gets transmitted to the user via HTTPS.
>>
>> The token will encode the password on the user's side and transmit it in
>> plaintext to the server. The server will encode it using the token.
>>
>> That sounds secure to me and shouldn't slow down any process.
> 
> Any plans on implementing this feature into JOSM?

The JOSM part of any of this (except perhaps OAuth) is trivial and I'm 
sure if the server supports some kind of secure authentication then 
someone will hack that up in JOSM. However as long as the server doesn't 
do SSL there's not much incentive, and frankly I couldn't care less 
about my username/password being unencrypted so I will not spend any 
time either coding the Ruby side of things or convincing the server 
operators to buy and install SSL certificates.

But if this is important to you, then go ahead.

Bye
Frederik



