[openstreetmap/openstreetmap-website] Deleting user does not remove client application configuration (#2566)
PasLoin
notifications at github.com
Fri Dec 23 15:15:41 UTC 2022
> Is there any evidence that a token for a deleted user is actually able to do anything?
Have found a "use case" :
https://osmcha.org/changesets/130421392/?aoi=75c0a968-0abe-47e0-81f6-f193c9e785f1
This user has deleting himself his account few day ago and recreate an another one and use it with ID editor.
Today he use Josm with probably previous OAuth and he make this changeset.
So impossible to view his new changesets using user history in OSM.
And also not removing access on OAuth can be a security issue on another cases.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/2566#issuecomment-1364033490
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/2566/1364033490 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20221223/7a91d521/attachment.htm>
More information about the rails-dev
mailing list