[OSM-talk-be] JOSM Remote control
Jo
winfixit at gmail.com
Sat Feb 28 16:58:03 UTC 2015
It makes a connection to the website of openstreetmap and sends your
password over it. If you do that over http, all the routers in the middle
can simply see your password. Is that a big deal? Not in itself, until
somebody starts to 'impersonate' you. Making uploads that weren't yours in
your name.
Jo
2015-02-28 17:51 GMT+01:00 André Pirard <A.Pirard.Papou at gmail.com>:
> On 2015-02-28 16:57, Ruben Maes wrote :
>
> Maybe you can circumvent the issue by doing this:
>
> Open JOSM and make sure you have Remote Control enabled. In Firefox,
> go to this address: https://127.0.0.1:8112/
> You should get a warning screen saying "This Connection is Untrusted".
> Click "I Understand the Risks" and press the "Add Exception..."
> button.
> A window pops up. (You can press "View" and inspect the certificate if
> you like. Close the details window if you have done so.) Make sure
> "Permanently store this exception" is checked and click "Confirm
> Security Exception".
> Now you should see a Bad Request error page because you haven't asked
> JOSM to do anything ;)
>
> This worked for me. The website still emits an alert that editing
> failed, but JOSM loads the data.
>
> Ruben
>
> That's only if HTTPS support is enabled in the Remote Control preferences.
> If it's not, my config, 8112 port -> unable to connect.
> And I conclude that the alert I receive too may be because of trying to use
> closed port 8112 before using port 8111.
>
> And my question is: why enable HTTPS if it causes problems?
> It encrypts information that's stays in your computer, doesn't it?
> Fearing that NSA would learn the locations you load via remote control?
>
> Cheers
>
> André.
>
> 2015-02-27 9:20 GMT+01:00 Glenn Plas <glenn at byte-consult.be> <glenn at byte-consult.be>:
>
> StartSSL is a free certificate provider, and most probably firefox
> doesn't have the intermediate certificate chain on board which means it
> cannot verify.
>
> That is probably the reason, although I do not see startSSL as the
> certificate writer, I see rapidSSL instead. startSSL is not really a
> great one to use actually for a site like this.
>
> Apple products have the same problem with the latest GoDaddy certificates.
> https://www.sslshopper.com/cheapest-ssl-certificates.html
>
> You might want to try this in firefox:https://127.0.0.1:8112/
> https://www.sslshopper.com/ssl-checker.html#hostname=https://www.openstreetmap.org
>
> And see if it gives you a chain error or not. It will work in chrome,
> but it depends on the browser.
>
> If you don't get the all-green in firefox, you just need to assemble a
> chain file with the missing intermediate certificates so the browser can
> validate.
>
> Note, this heavily depends on firefox (/browser) version, I see in my FF
> that it loads the intermediates fine:
>
> Common name: RapidSSL CA
> Organization: GeoTrust, Inc.
> Location: US
> Valid from February 19, 2010 to February 18, 2020
> Serial Number: 145105 (0x236d1)
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: GeoTrust Global CA
>
> Common name: GeoTrust Global CA
> Organization: GeoTrust Inc.
> Location: US
> Valid from May 20, 2002 to August 20, 2018
> Serial Number: 1227750 (0x12bbe6)
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: Equifax
>
> Glenn
>
>
> _______________________________________________
> Talk-be mailing listTalk-be at openstreetmap.orghttps://lists.openstreetmap.org/listinfo/talk-be
>
> _______________________________________________
> Talk-be mailing listTalk-be at openstreetmap.orghttps://lists.openstreetmap.org/listinfo/talk-be
>
>
>
> _______________________________________________
> Talk-be mailing list
> Talk-be at openstreetmap.org
> https://lists.openstreetmap.org/listinfo/talk-be
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/talk-be/attachments/20150228/7465c59a/attachment.htm>
More information about the Talk-be
mailing list