Hi, Lars Francke wrote: > If HTTPS is ever offered we have two options (as we do now):
A third option with a non-standard auth token being generated was discussed in this thread, and that's probably what Stefan was referring to. > And yes OAuth is implemented for OSM[5]. > [...] But until HTTPS is offered it doesn't really make sense to > switch/implement it. Assuming that all environments are equally unsafe and that the attacker watches your every step, yes. But if you, like the original poster, are concerned about your password being sniffed while using a public network, then OAuth would protect you from that because you do the unencrypted password authorisation only once, e.g. from home. Bye Frederik _______________________________________________ josm-dev mailing list [email protected] http://lists.openstreetmap.org/listinfo/josm-dev
