[josm-dev] shocking - unsecure password sending!

stefan at binaervarianz.de stefan at binaervarianz.de
Wed Oct 7 14:27:36 BST 2009 

On Wed, 07 Oct 2009 14:26:37 +0200, Frederik Ramm <frederik at remote.org>
wrote:
> Hi,
> 
> I agree that it is possible to get proper certificate for less than $400 
> per year (more like $30 or so). The free and self-signed ones have a 
> tendency to be frowned upon by Sun's Java stack but maybe certificate 
> checking can be disabled somehow?

I don't know about Java problems with free certificates. One has to
manually import them into browsers
or personal keychains to use them, but JOSM could handle that gracefully
for the user.

I think certificates (at least self signed) are mandatory for HTTPS, but
SSL could be used on its own without any form of authentication.

> 
> Transferring username/password via https and the rest without would 
> require changes to the server which someone would have to code.

Yes, that's a problem. But is OAuth already implemented?

But you have a point:
Better let someone with ambition code something which doesn't quite fit the
requirements instead
of finding the perfect solution and nobody to actually implement it.
I better calm down on the matter.


>> A username/password authentication for most people just implies a kind
of
>> security which is not garanteed by the implemantation.
>> I'm easily able to make edits, delete tracks and write diary entries in
>> the
>> name of other people as long as I 'm able to catch a JOSM authentication
>> packet.
>> I don't think all useres are aware of or even asume that.
> 
> Of course most users are NOT aware of this, much as they are NOT aware 
> that anyone can sniff out their credit card number when they make a 
> purchase, or read their e-mail when they use an unencrypted W-Lan, or 
> ... it's a cruel world!
> 
> I have amended the JOSM start page to say that username and password are 
> transmitted unencrypted, and that people should not upload changes if 
> they do not want that.
> 
> As soon as someone comes along who is willing and able to make the 
> changes to the API, get them rolled out, and modify JOSM accordingly, 
> that note can be removed.
> 

That was wise. OSM could even get in legal trouble if it would somehow
'lose'
some private data. Better tell the user that their data isn't private at
all.

Regards

Stefan

More information about the josm-dev mailing list