Am 29.04.2010 15:40, colliar: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Ævar Arnfjörð Bjarmason schrieb: >> On Thu, Apr 29, 2010 at 12:04, colliar<[email protected]> wrote: >>> I thought at least with semi-automatic use OAuth was transfering with >>> encryption >>> ( and should also now with https) , but there is still a warning about no >>> secure >>> possibility on the wiki. >>> >>> Am I wrong or do we need to change this page. >> >> The wiki is wrong and needs to be brought up to date. > > Does that mean OAuth is now encrypted no matter which methode is used ? > If so, we should lead the user to use OAuth and to not use the normal login at > all, anymore.
No, OAuth is not about encryption at all. The inital OAuth setup call still allows to be listened into and the login+password to be retrieved. All subsequent API calls won't transmit username+PW but the token instead, but still the content is transferred unencrypted. btw. which wiki (article) are you referring to? Claudius _______________________________________________ josm-dev mailing list [email protected] http://lists.openstreetmap.org/listinfo/josm-dev
