[josm-dev] JOSM Applet

Frederik Ramm frederik at remote.org
Thu Mar 3 15:22:24 GMT 2011


Hi,

On 03/03/11 16:04, "Dirk Stöcker" wrote:
>> I think it would be cool to have something similar for the JOSM applet,
>> but of course that would mean that whoever checks out the applet to
>> osm.org would have to take some responsibility for it not being a
>> security hole.
>
> Somehow I believe again (this time both of you) don't know JOSM's
> features. We already can do the server communication with additional
> authentication. When running on the OSM server, OAuth-request could also
> be handled automatically, as login is already done. But what we need in
> any case is an initial login. There is no way around it.

Of course; as you say, it's the same with Potlatch. What I wanted to say 
is if you have an "official" editor embedded at osm.org it needs to pass 
a different test than "some editor you downloaded somewhere" (and for 
osm.org the josm.osm.de site is just "somewhere"). Once furnished with 
user credentials or the proper OAuth key, an application could do a lot 
of stupid things. So at least if I were running osm.org, I would not 
simply install a .jar file there when someone tells me to - just the 
same as with Potlatch.

> Well. As already said we need a working version on JOSM servers. Here is
> the only place we can have influence. Installing on OSM would be
> additional benefit.

We need a working developer version but not a working user-facing 
version; not necessarily anyway. If we can have it without pain, why 
not. Potlatch has both - an instance at api06.dev.openstreetmap org 
connected to a test instance of the database, and one at geowiki.org 
connected to the main database. Meanwhile, lots of people have also 
added Potlatch2 hosting to their web sites (e.g. openpistemap, 
wanderreitkarte, MapQuest) so you can run a - sometimes customised - P2 
instance directly from their sites.

> Applets can be splitt simply and have a on-demand data access. But as long
> as the applet is not tested a lot better there is no need to optimize in
> this area.

Agreed.

Bye
Frederik



More information about the josm-dev mailing list