Hi there, sorry, I can't find the original thread about the problem that JOSM transfers passwords unprotected to the server...
Perhaps my understanding of security is mistaken, but this is the way, how *I* would do it: 1. Set up two small servers (Atom) in the same network as the database server. 2. One of the servers (A) has access to LAN only, the other (B) acts as a webserver with HTTPS. 3. Whenever a OSM-user wants to upload data, JOSM could send the request "get new token" to server (B). This would request a new token by server (A) and send it to the database server on LAN and to the user via HTTPS. The token could contain something like an IP and timestamp with expire-time. 4. I think, the passwords are stored in MD5 on the DB-server. JOSM should create a hash of the user's password with MD5 and encrypted it with the received token. 5. When the user wants to log in, the encrypted password gets transmitted to the DB-server. Now, the DB-server reads the MD5-checksum for the username and encrypts it with the token it has got from the token server in LAN. 6. This "password" would only be active, until it expires or until a new one gets requested. Sounds secure to me and would be easy to setup. Perhaps, it would be okay to run server (A) in a VM... Best regards, Tobias _______________________________________________ josm-dev mailing list [email protected] http://lists.openstreetmap.org/listinfo/josm-dev
