Changes between Version 21 and Version 22 of Help/Dialog/OAuthAuthorisationWizard


Timestamp:
2010-05-03T16:28:50+02:00 (15 years ago)
Author:
anonymous
Comment:

Remove the other warning about insecure password use with OAuth, as that is no longer true

  • Help/Dialog/OAuthAuthorisationWizard

    v21 v22  
    1111OAuth has two major advantages over Basic Authentication:
    1212  1. Your OSM password doesn't have to be saved in clear text in the JOSM preferences file.
    13   2. Your OSM password has to be transferred '''only once''' over the Internet, in contrast to basic authentication where your OSM password is transferred as part of every request sent from JOSM to the OSM server.
    14 
    15 {{{
    16 #!html
    17 <p style="background-color:rgb(253,255,221);padding: 10pt; border-color:rgb(128,128,128);border-style: solid; border-width: 1px;">
    18 <strong>Warning!</strong><br/>
    19 Currently, the OSM server doesn't offer a secure communication channel. Even if you use OAuth your password is therefore transferred <strong>once in clear text</strong> over the Internet. <strong>Do not use a valuable password</strong> until the OSM server provides a secure communication channel (HTTPS).
    20 </p>
    21 }}}
     13  2. Your OSM password has to be transferred '''only once''' over the Internet on a secure connection, in contrast to basic authentication where your OSM password is transferred as part of every request sent from JOSM to the OSM server in clear text.
    2214
    2315In OAuth terminology, a JOSM user authorises JOSM to access the OSM server on the user's behalf. During the authorisation process the OSM password never needs to be entered into a JOSM dialog if the user doesn't fully trust JOSM (unless wanting to for convenience reasons [wiki:/Help/Dialog/OAuthAuthorisationWizard#FullyAutomaticAuthorisation see here]). Rather, the OSM server issues an Access Token which JOSM presents to the OSM server when it uploads data on behalf of the user. Access Tokens don't reveal the user's password and they can be revoked at any time.
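
Review bot: new line 13 makes two transport claims ("on a secure connection" for the OAuth password transfer, "in clear text" for Basic Authentication) without saying which connection is the secured one. With the warning box at old lines 15-21 removed, the page no longer mentions HTTPS at all. Suggest naming it explicitly for the authorisation step, and stating whether the requests JOSM makes with the Access Token still travel over the same clear-text channel that line 13 attributes to Basic Authentication. Unchanged line 15 says the password never needs to be entered into a JOSM dialog, so line 13 would also read more clearly if it said where the single password transfer takes place.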