Re: [OSM-talk] Why doesn't OSM implement a simple measure to protectit's users and passwords?
There also does not appear to be any provision on the OSM web site for changing to a new password, which is something that one should do occasionally. At least, if there is a way to do so, I haven't found it. -- John F. Eldredge -- j...@jfeldredge.com Reserve your right to think, for even to think wrongly is better than not to think at all. -- Hypatia of Alexandria -Original Message- From: John Smith deltafoxtrot...@gmail.com Date: Wed, 23 Dec 2009 00:11:43 To: Talk Openstreetmaptalk@openstreetmap.org Subject: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords? When does anyone plan to use SSL to protect passwords and users on OSM? I noticed the other day about how JOSM puts this in it's MOTD: Your username and password are sent to the server unencrypted. If you do not like this, do not upload. While I'm aware that this is occurring, many others may not and may be put off with statements like the above. While removing that statement from JOSM might fix some of the image problems, it doesn't do anything for real security. There has even been a bug on this issue for 3 years! http://trac.openstreetmap.org/ticket/275 This is even more concerning when you add into the mix the UK government is trying to record globs and globs of additional information on data travelling across internet links in the UK, among other things. http://go.theregister.com/feed/www.theregister.co.uk/2009/12/22/mobile_imp/ As has been pointed out on the trac ticket, OSM should be eligible for a free cert from godaddy, then there is ideological reasons for supporting other options like CAcert, just like many support OSM for ideological reasons rather than Google. I realise there is some APIs floating about that use alternative authentication schemes, but the majority of users will be sending their passwords (and everything else for that matter) clear text over the internet for all and sundry to snoop on. Is it really reasonable to not offer SSL encryption? ___ talk mailing list talk@openstreetmap.org http://lists.openstreetmap.org/listinfo/talk ___ talk mailing list talk@openstreetmap.org http://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protectit's users and passwords?
On 22/12/2009 16:27, John F. Eldredge wrote: There also does not appear to be any provision on the OSM web site for changing to a new password See http://www.openstreetmap.org/user/your display name/account where there are two password boxes. Fill them both in to change your password. -- Jonathan (Jonobennett) ___ talk mailing list talk@openstreetmap.org http://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protectit's users and passwords?
2009/12/22 John F. Eldredge j...@jfeldredge.com: There also does not appear to be any provision on the OSM web site for changing to a new password, which is something that one should do occasionally. At least, if there is a way to do so, I haven't found it. Select your name at the top, (Its a link) Then My Settings Change you password and save changes. Peter. -- John F. Eldredge -- j...@jfeldredge.com Reserve your right to think, for even to think wrongly is better than not to think at all. -- Hypatia of Alexandria -Original Message- From: John Smith deltafoxtrot...@gmail.com Date: Wed, 23 Dec 2009 00:11:43 To: Talk Openstreetmaptalk@openstreetmap.org Subject: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords? When does anyone plan to use SSL to protect passwords and users on OSM? I noticed the other day about how JOSM puts this in it's MOTD: Your username and password are sent to the server unencrypted. If you do not like this, do not upload. While I'm aware that this is occurring, many others may not and may be put off with statements like the above. While removing that statement from JOSM might fix some of the image problems, it doesn't do anything for real security. There has even been a bug on this issue for 3 years! http://trac.openstreetmap.org/ticket/275 This is even more concerning when you add into the mix the UK government is trying to record globs and globs of additional information on data travelling across internet links in the UK, among other things. http://go.theregister.com/feed/www.theregister.co.uk/2009/12/22/mobile_imp/ As has been pointed out on the trac ticket, OSM should be eligible for a free cert from godaddy, then there is ideological reasons for supporting other options like CAcert, just like many support OSM for ideological reasons rather than Google. I realise there is some APIs floating about that use alternative authentication schemes, but the majority of users will be sending their passwords (and everything else for that matter) clear text over the internet for all and sundry to snoop on. Is it really reasonable to not offer SSL encryption? ___ talk mailing list talk@openstreetmap.org http://lists.openstreetmap.org/listinfo/talk ___ talk mailing list talk@openstreetmap.org http://lists.openstreetmap.org/listinfo/talk ___ talk mailing list talk@openstreetmap.org http://lists.openstreetmap.org/listinfo/talk
