[OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
John Smith
deltafoxtrot256 at gmail.com
Sat Dec 26 01:46:14 GMT 2009
2009/12/26 Matt Amos <zerebubuth at gmail.com>:
> because OAuth does cryptographic signing of the requests.
Via a clear channel, which can be proxied and mangled and so on.
> OSM is already being attacked by some vandals and some spam bots. but
> none of these attacks have been against the authentication parts of
> OSM.
Cost v benefit, there is little benefit in vandalism at this point in
time beyond ego trips, but as things grow more popular that doesn't
mean things won't become more interesting when it becomes a potential
financial benefit to create damage, say if a Government decides that
it doesn't like that OSM is publishing accurate maps of their country
and in turn are loosing out on revenues, so they spend a little money
to disrupt things.
More information about the talk
mailing list