[josm-dev] shocking - unsecure password sending!
stefan at binaervarianz.de
Wed Oct 7 13:18:53 BST 2009
On Wed, 7 Oct 2009 07:53:37 -0400, "Mike N." <niceman at att.net> wrote:
> Restricting the HTTPS connections to auth only would solve much of the
> CPU concern. But the token used for the upload session would be exposed,
> which could still result in account takeover.
It could result in an upload session takeover.
It depends on the implementation if these tokens are valid for things other
than map data upload.
And at least it's limited due to the session timeout and can't be reused
later.
Regards
Stefan