[OSM-talk] Why doesn't OSM implement a simple measure to protectit's users and passwords?

Peter Childs pchilds at bcs.org
Tue Dec 22 16:38:32 GMT 2009 

2009/12/22 John F. Eldredge <john at jfeldredge.com>:
> There also does not appear to be any provision on the OSM web site for changing to a new password, which is something that one should do occasionally.  At least, if there is a way to do so, I haven't found it.
>

Select your name at the top, (Its a link)

Then My Settings

Change you password and save changes.

Peter.

> --
> John F. Eldredge -- john at jfeldredge.com
> "Reserve your right to think, for even to think wrongly is better than not to think at all." -- Hypatia of Alexandria
>
> -----Original Message-----
> From: John Smith <deltafoxtrot256 at gmail.com>
> Date: Wed, 23 Dec 2009 00:11:43
> To: Talk Openstreetmap<talk at openstreetmap.org>
> Subject: [OSM-talk] Why doesn't OSM implement a simple measure to protect
>        it's users and passwords?
>
> When does anyone plan to use SSL to protect passwords and users on OSM?
>
> I noticed the other day about how JOSM puts this in it's MOTD:
>
> "Your username and password are sent to the server unencrypted. If you
> do not like this, do not upload."
>
> While I'm aware that this is occurring, many others may not and may be
> put off with statements like the above. While removing that statement
> from JOSM might fix some of the image problems, it doesn't do anything
> for real security.
>
> There has even been a bug on this issue for 3 years!
>
> http://trac.openstreetmap.org/ticket/275
>
> This is even more concerning when you add into the mix the UK
> government is trying to record globs and globs of additional
> information on data travelling across internet links in the UK, among
> other things.
>
> http://go.theregister.com/feed/www.theregister.co.uk/2009/12/22/mobile_imp/
>
> As has been pointed out on the trac ticket, OSM should be eligible for
> a free cert from godaddy, then there is ideological reasons for
> supporting other options like CAcert, just like many support OSM for
> ideological reasons rather than Google.
>
> I realise there is some APIs floating about that use alternative
> authentication schemes, but the majority of users will be sending
> their passwords (and everything else for that matter) clear text over
> the internet for all and sundry to snoop on.
>
> Is it really reasonable to not offer SSL encryption?
>
> _______________________________________________
> talk mailing list
> talk at openstreetmap.org
> http://lists.openstreetmap.org/listinfo/talk
> _______________________________________________
> talk mailing list
> talk at openstreetmap.org
> http://lists.openstreetmap.org/listinfo/talk
>

More information about the talk mailing list