[OSM-talk] Why doesn't OSM implement a simple measure to protect its users and passwords?
Lars Francke
lars.francke at gmail.com
Tue Dec 22 15:35:28 GMT 2009
> Raise funds for better hardware that seamlessly handles encryption; or
> start modifying editors to support OAuth so that they can use SSL for
> the login part only - that would be a start. Write How-Tos etc. that
> explain OAuth to users.

Just as a side note: OSM currently implements OAuth 1.0 which is a
very nice step forward. Unfortunately, in the time between development
(on OSM) and release, a security flaw was identified and OAuth 1.0a was
released. So before encouraging a large-scale usage of OAuth (it
requires changes in clients and servers) it would be nice if OSM were
updated to this newer version.

I'm normally always happy to provide patches but I am not familiar
enough with Ruby/RoR to do this kind of stuff.

Cheers,
Lars