[josm-dev] my solution for the password-problem

[Tobias Wendorff]

Hi there,

sorry, I can't find the original thread about the problem
that JOSM transfers passwords unprotected to the server...

Perhaps my understanding of security is mistaken, but this is
the way, how *I* would do it:

1. Set up two small servers (Atom) in the same network as the
database server.

2. One of the servers (A) has access to LAN only, the other (B)
acts as a webserver with HTTPS.

3. Whenever a OSM-user wants to upload data, JOSM could send
the request "get new token" to server (B). This would request
a new token by server (A) and send it to the database server
on LAN and to the user via HTTPS. The token could contain
something like an IP and timestamp with expire-time.

4. I think, the passwords are stored in MD5 on the DB-server.
JOSM should create a hash of the user's password with MD5
and encrypted it with the received token.

5. When the user wants to log in, the encrypted password gets
transmitted to the DB-server. Now, the DB-server reads the
MD5-checksum for the username and encrypts it with the token
it has got from the token server in LAN.

6. This "password" would only be active, until it expires
or until a new one gets requested.

Sounds secure to me and would be easy to setup.
Perhaps, it would be okay to run server (A) in a VM...

Best regards,
Tobias