[josm-dev] shocking - unsecure password sending!
Frederik Ramm
frederik at remote.org
Wed Oct 7 13:26:37 BST 2009
Hi,
stefan at binaervarianz.de wrote:
> HTTPS can be done with certificates free of charge, as well as self signed
> certificates as well as without certificates at all.
I agree that it is possible to get a proper certificate for less than $400
per year (more like $30 or so). The free and self-signed ones have a
tendency to be frowned upon by Sun's Java stack, but maybe certificate
checking can be disabled somehow?
> But OAuth also needs to sign tokens and check signatures, which is
> essentially an encryption operation.
> Is there really that much difference, especially if only the
> username/password is transferred via https?
Transferring username/password via https and the rest without would
require changes to the server which someone would have to code.
> A username/password authentication for most people just implies a kind of
> security which is not guaranteed by the implementation.
> I'm easily able to make edits, delete tracks and write diary entries in the
> name of other people as long as I'm able to catch a JOSM authentication
> packet.
> I don't think all users are aware of or even assume that.
Of course most users are NOT aware of this, much as they are NOT aware
that anyone can sniff out their credit card number when they make a
purchase, or read their e-mail when they use an unencrypted W-Lan, or
... it's a cruel world!
I have amended the JOSM start page to say that username and password are
transmitted unencrypted, and that people should not upload changes if
they do not want that.
As soon as someone comes along who is willing and able to make the
changes to the API, get them rolled out, and modify JOSM accordingly,
that note can be removed.
Bye
Frederik
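As an added illustration of the certificate question raised above (not code from JOSM or from anyone in this thread): a Java client can accept a self-signed or otherwise unrecognised server certificate without turning certificate checking off, by loading that one certificate into a private trust store and building an SSLContext from it. Hostname verification stays enabled, and any other certificate is still rejected. The file path, the "api-server" alias and the URL are assumptions for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PinnedApiClient {

    // Build an SSLContext that trusts exactly one certificate: the server's own
    // PEM file, obtained out of band. This is the alternative to disabling
    // certificate checking, which would accept any certificate from anyone.
    static SSLContext contextTrustingOnly(String pemPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate serverCert;
        try (InputStream in = new FileInputStream(pemPath)) {
            serverCert = cf.generateCertificate(in);
        }

        // An empty in-memory key store holding only that certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("api-server", serverCert); // alias is an assumption

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the server's certificate in PEM form (assumed)
        // args[1]: an https:// URL of the API (assumed)
        SSLContext ctx = contextTrustingOnly(args[0]);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Default hostname verification is left in place; a certificate for a
        // different host, or one not in the trust store, fails the handshake.
        System.out.println("HTTP status: " + conn.getResponseCode());
    }
}
```

The username/password still travel as before, only now inside the TLS session; the trust store must be updated when the server's certificate is renewed.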