[josm-dev] shocking - unsecure password sending!
Karl Guggisberg
karl.guggisberg at guggis.ch
Wed Oct 7 15:34:57 BST 2009
> We have proxy authentication. But it seems there are situations where the
passwords/usernames somehow gets mixed up.
We don't have Digest Authentication and we don't have NTLM, and there are
problems with the current support for proxy authentication. The proposed
patch for proxy authentication with Basic Authentication using the standard
header wasn't applied, as far as I remember.
Why reinvent the weel? Luickly there are smart people providing http client
libraries which would shield JOSM from the nasty details of proxy
authentication, libraries which are tested against a heterogeneous set of
proxy software "in the wild".
-- Karl
-----Ursprüngliche Nachricht-----
Von: josm-dev-bounces at openstreetmap.org
[mailto:josm-dev-bounces at openstreetmap.org] Im Auftrag von Dirk Stöcker
Gesendet: Mittwoch, 7. Oktober 2009 16:24
An: josm-dev at openstreetmap.org
Betreff: Re: [josm-dev] shocking - unsecure password sending!
On Wed, 7 Oct 2009, Karl Guggisberg wrote:
>> From a technical point of view it would be wise to migrate the JOSM
>> OSM API to the Apache http client, for two reasons:
>
> - it would be helpful in order to add proxy authentication (asked for
> since ages in trac)
We have proxy authentication. But it seems there are situations where the
passwords/usernames somehow gets mixed up.
Ciao
--
http://www.dstoecker.eu/ (PGP key available)
_______________________________________________
josm-dev mailing list
josm-dev at openstreetmap.org
http://lists.openstreetmap.org/listinfo/josm-dev
More information about the josm-dev
mailing list