[josm-dev] shocking - unsecure password sending!

stefan at binaervarianz.de stefan at binaervarianz.de
Wed Oct 7 10:12:52 BST 2009


On Wed, 7 Oct 2009 09:04:32 +0100, Shaun McDonald <osm at shaunmcdonald.me.uk>
wrote:

>>> [...OAuth discussion...]

Hi, 

I've followed the discussion loosely the past days.

Could someone kindly recap why good old HTTPS is not an option?

The original question was to encrypt the username/password authentication.

You now discuss replacing that with an OAuth authentication which doesn't
need secret username/passwords.

Both solve the problem of someone sniffing data in between gaining access
to the OSM account.


But while https would just work transparently behind the scenes, OAuth is
quite complicated in going back and forth between JOSM and OSM Website
implying a lot of changes to the present workflow.

So what is it that prevents https?



Regards,

Stefan






