[josm-dev] shocking - unsecure password sending!
Frederik Ramm
frederik at remote.org
Wed Oct 7 10:53:11 BST 2009
Hi,
stefan at binaervarianz.de wrote:
> Why not give away the map data (that's all we need for JOSM) without
> authentication?
Map data can be read without authentication. It is only for writing that
you need username/password.
> Probably to keep track of changes and vadalism and to block or ban users
> after such.
Blocking and banning users is very seldomly done as they can simply
create a new account any time they are banned. The most important
feature of linking users to edits is to make it possible for other users
to contact you about your edits.
> So I don't want to be blocked. I don't want to generate new accounts and
> loose my statistics and history just because someone messed around
> in my name.
Why would someone mess around in your name? What is your name anyway, I
mean, there are 160.000 user names and nobody knows which one of them is
yours.
Maybe we should use numbers instead of names for login ;-)
Your other question about https - there is concern that using https
throughout would require considerably more CPU power on the servers and
slow down interactive editing.
Bye
Frederik
More information about the josm-dev
mailing list