[OSM-talk] iD Security
pmailkeey at googlemail.com
Tue Apr 21 15:10:09 UTC 2015
On 21 April 2015 at 15:58, Serge Wroclawski <emacsen at gmail.com> wrote:
> Seeing the ticket, I think that the behavior here is what I'd expect
> it to be, and what I think many people would expect as well.
> It doesn't seem like this is related to iD ignoring cookies, but about
> how you were logged into an account and authorized iD to edit on
> behalf of one of them. I'm not sure that iD could really be doing
> anything radically different.
> This is no different than other sites which use cross site
> authentication systems, ie Google, Facebook, etc.
> As for it being a security issue- if you logged out of osm.org before
> authenticating yourself from iD, then yes, I see a potential serious
> problem, but that's not what I see reported here.
> - Serge
So if I'm logged in to osm as FRED you think it's ok for iD to allow me to
use DERF's account - as that is what happened.
@millomweb <https://sites.google.com/site/millomweb/index/introduction> -
For all your info on Millom and South Copeland
via *the area's premier website - *
*currently unavailable due to ongoing harassment of me, my family, property
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the talk