[josm-dev] shocking - unsecure password sending!
Frederik Ramm
frederik at remote.org
Wed Oct 7 13:27:33 BST 2009
Hi,
stefan at binaervarianz.de wrote:
> It could result in an upload session takeover.
> It depends on the implementation if these tokens are valid for things other
> than map data upload.
>
> And at least it's limited due to the session timeout and can't be reused
> later.
In case you are talking OAuth tokens; these have unlimited lifetime -
not just one session.
Bye
Frederik
More information about the josm-dev
mailing list