[josm-dev] JOSM Applet
Frederik Ramm
frederik at remote.org
Thu Mar 3 15:22:24 GMT 2011
Hi,
On 03/03/11 16:04, "Dirk Stöcker" wrote:
>> I think it would be cool to have something similar for the JOSM applet,
>> but of course that would mean that whoever checks out the applet to
>> osm.org would have to take some responsibility for it not being a
>> security hole.
>
> Somehow I believe again (this time both of you) don't know JOSM's
> features. We already can do the server communication with additional
> authentication. When running on the OSM server, OAuth-request could also
> be handled automatically, as login is already done. But what we need in
> any case is an initial login. There is no way around it.
Of course; as you say, it's the same with Potlatch. What I wanted to say
is if you have an "official" editor embedded at osm.org it needs to pass
a different test than "some editor you downloaded somewhere" (and for
osm.org the josm.osm.de site is just "somewhere"). Once furnished with
user credentials or the proper OAuth key, an application could do a lot
of stupid things. So at least if I were running osm.org, I would not
simply install a .jar file there when someone tells me to - just the
same as with Potlatch.
> Well. As already said we need a working version on JOSM servers. Here is
> the only place we can have influence. Installing on OSM would be
> additional benefit.
We need a working developer version but not a working user-facing
version; not necessarily anyway. If we can have it without pain, why
not. Potlatch has both - an instance at api06.dev.openstreetmap org
connected to a test instance of the database, and one at geowiki.org
connected to the main database. Meanwhile, lots of people have also
added Potlatch2 hosting to their web sites (e.g. openpistemap,
wanderreitkarte, MapQuest) so you can run a - sometimes customised - P2
instance directly from their sites.
> Applets can be splitt simply and have a on-demand data access. But as long
> as the applet is not tested a lot better there is no need to optimize in
> this area.
Agreed.
Bye
Frederik
More information about the josm-dev
mailing list