[josm-dev] shocking - unsecure password sending!
Valent Turkovic
valent.turkovic at gmail.com
Tue Oct 6 08:56:23 BST 2009
On Sat, 26 Sep 2009 13:49:00 +0000, Ævar Arnfjörð Bjarmason wrote:
> On OSM.org you can give out tokens that allow the holder to *only* edit
> the map data. As opposed to also getting access to your private GPX
> tracks, making diary entries / comments etc.
>
> So transferring plaintext OAuth tokens would be more secure as in the
> event of a breach the access the attacker would gain to OSM.org in your
> name would at least be compartmentalized.
>
> Not to mention that the OAuth token would *only* work on OSM.org whereas
> users are likely to supply the same email/password pair for multiple
> websites that they're using.
This definitely sounds like a step forward in the right direction. This
seems like a nice feature to secure users' accounts, and you are right,
this would be much better than nothing.
--
follow me on twitter - www.twitter.com/valentt
http://kernelreloaded.blog385.com/
linux, blog, anime, spirituality, windsurf, wireless
registered as user #367004 with the Linux Counter, http://counter.li.org.
ICQ: 2125241, Skype: valent.turkovic