On Wed, 7 Oct 2009 10:56:32 +0200, Pieren <[email protected]> wrote: > On Wed, Oct 7, 2009 at 10:46 AM, Frederik Ramm >> Even now someone could create an OSM account with the name >> "Frederik_Ramm" and use this to vandalise. > > I agree with Frederik. The only risk of the plain password over the > network is that you took the same user name and password as for your > other applications which is something -I hope- nobody does. > Securing your login will not secure your contributions. >
Take it the other way: if the password can be send unancrypted, why do we need one at all? Why not give away the map data (that's all we need for JOSM) without authentication? Probably to keep track of changes and vadalism and to block or ban users after such. So I don't want to be blocked. I don't want to generate new accounts and loose my statistics and history just because someone messed around in my name. That's why I think OAuth is not the answer. It's for giving access to a subset of data (only map, but not messages), which is quite irrelevant here. I don't mind JOSM to read my messages, I mind others to change the map in my name. Regards, Stefan _______________________________________________ josm-dev mailing list [email protected] http://lists.openstreetmap.org/listinfo/josm-dev
