[josm-dev] shocking - unsecure password sending!

Frederik Ramm frederik at remote.org
Wed Oct 7 13:27:33 BST 2009


Hi,

stefan at binaervarianz.de wrote:
> It could result in an upload session takeover.
> It depends on the implementation if these tokens are valid for things other
> than map data upload. 
> 
> And at least it's limited due to the session timeout and can't be reused
> later.

In case you are talking OAuth tokens; these have unlimited lifetime - 
not just one session.

Bye
Frederik




More information about the josm-dev mailing list