[OSM-talk] iD Security
Serge Wroclawski
emacsen at gmail.com
Tue Apr 21 14:58:27 UTC 2015
Seeing the ticket, I think that the behavior here is what I'd expect
it to be, and what I think many people would expect as well.
It doesn't seem like this is related to iD ignoring cookies, but about
how you were logged into an account and authorized iD to edit on
behalf of one of them. I'm not sure that iD could really be doing
anything radically different.
This is no different than other sites which use cross site
authentication systems, ie Google, Facebook, etc.
As for it being a security issue- if you logged out of osm.org before
authenticating yourself from iD, then yes, I see a potential serious
problem, but that's not what I see reported here.
- Serge
On Tue, Apr 21, 2015 at 10:46 AM, Tom MacWright <tom at macwright.org> wrote:
> Please link to the ticket: https://github.com/openstreetmap/iD/issues/2588
>
> On Tue, Apr 21, 2015 at 10:39 AM, pmailkeey . <pmailkeey at googlemail.com>
> wrote:
>>
>> Hi All,
>>
>> I've been using iD for a bit now to make map edits. I've been reporting
>> back issues with iD to Bryan including a recent discovery that when you log
>> out of iD, as it doesn't clear local cookies someone else can log in as you
>> in your absence. Bryan isn't interested in remedying this issue so I
>> wondered what other users felt about it.
>>
>> --
>> Mike.
>> @millomweb - For all your info on Millom and South Copeland
>> via the area's premier website -
>>
>> currently unavailable due to ongoing harassment of me, my family, property
>> & pets
>>
>> T&Cs
>>
>> _______________________________________________
>> talk mailing list
>> talk at openstreetmap.org
>> https://lists.openstreetmap.org/listinfo/talk
>>
>
>
> _______________________________________________
> talk mailing list
> talk at openstreetmap.org
> https://lists.openstreetmap.org/listinfo/talk
>
More information about the talk
mailing list