OAuth is propagated as secure
|Reported by:||anonymous||Owned by:||team|
In JOSM startup page, OAuth is propagated as alternative if I dont like my credentials to be sent in plain text.
This ist very misleading, as with OAuth, my credentials are also sent unencrypted. When talking about security, It's no matter if credentials are sent once or every time. Sending them over the net is sending them over the net. As OSM does not support any encryption, so we should not draw a picture of a secure authentication with OAuth.
I consider this a security bug (in the Startup Notes, not in JOSM).
Change History (3)
comment:2 Changed 3 years ago by anonymous
- Resolution fixed deleted
- Status changed from closed to reopened