[josm-dev] shocking - unsecure password sending!
Mike N.
niceman at att.net
Wed Oct 7 12:53:37 BST 2009
>>> Could someone kindly recap why good old HTTPS is not an option?
>>
>> A certificate costs $400 per year, that's why.
>
> Not only.
>
> HTTPS for a number of connections more than a few costs significant CPU
> time that probably is better spend elsewhere.
A web server certificate can be gotten for about $15 per year.
Restricting the HTTPS connections to auth only would solve much of the
CPU concern. But the token used for the upload session would be exposed,
which could still result in account takeover.
More information about the josm-dev
mailing list