Opened 15 years ago
Closed 15 years ago
#4479 closed defect (fixed)
OAuth is propagated as secure
Reported by: | anonymous | Owned by: | team |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | unspecified | Version: | |
Keywords: | | Cc: | |
Description
In the JOSM startup page, OAuth is propagated as an alternative if I don't like my credentials to be sent in plain text.
This is very misleading, as with OAuth, my credentials are also sent unencrypted. When talking about security, it's no matter if credentials are sent once or every time. Sending them over the net is sending them over the net. As OSM does not support any encryption, we should not draw a picture of a secure authentication with OAuth.
I consider this a security bug (in the Startup Notes, not in JOSM).
Attachments (0)
Change History (3)
comment:1 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:2 by , 15 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
No. I removed the word "sichere" from the German version of the newest tagline.
But below, there is a multilingual statement that if you don't want to have your credentials transmitted in plain text, you should use OAuth.
comment:3 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
Changed it into "you may consider to use OAuth". Everything else is described in the help page for OAuth. And JOSM at least twice displays a warning that userid/password might be transmitted unencrypted, even if using OAuth.
Somebody (probably you) has already fixed this in the StartupSource.
Closing as fixed.