Re: [josm-dev] OAuth secure ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Claudius schrieb: No, OAuth is not about encryption at all. The inital OAuth setup call still allows to be listened into and the login+password to be retrieved. All subsequent API calls won't transmit username+PW but the token instead, but still the content is transferred unencrypted. Got it - thanks btw. which wiki (article) are you referring to? http://josm.openstreetmap.de/wiki/Help/Preferences/Connection#OAuthbasedauthentication colliar -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEAREIAAYFAkvhZmsACgkQalWTFLzqsCthHgCdG63IiebKWBWtbC1Sq/fOLBtR KAoAnj59AwUWQecB0gpQmGSl7s6QL4EV =O2hc -END PGP SIGNATURE- ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] OAuth secure ?
Am 29.04.2010 15:40, colliar: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ævar Arnfjörð Bjarmason schrieb: On Thu, Apr 29, 2010 at 12:04, colliarcolliar4e...@aol.com wrote: I thought at least with semi-automatic use OAuth was transfering with encryption ( and should also now with https) , but there is still a warning about no secure possibility on the wiki. Am I wrong or do we need to change this page. The wiki is wrong and needs to be brought up to date. Does that mean OAuth is now encrypted no matter which methode is used ? If so, we should lead the user to use OAuth and to not use the normal login at all, anymore. No, OAuth is not about encryption at all. The inital OAuth setup call still allows to be listened into and the login+password to be retrieved. All subsequent API calls won't transmit username+PW but the token instead, but still the content is transferred unencrypted. btw. which wiki (article) are you referring to? Claudius ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] OAuth secure ?
On Thu, Apr 29, 2010 at 12:04, colliar colliar4e...@aol.com wrote: I thought at least with semi-automatic use OAuth was transfering with encryption ( and should also now with https) , but there is still a warning about no secure possibility on the wiki. Am I wrong or do we need to change this page. The wiki is wrong and needs to be brought up to date. ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] OAuth secure ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ævar Arnfjörð Bjarmason schrieb: On Thu, Apr 29, 2010 at 12:04, colliar colliar4e...@aol.com wrote: I thought at least with semi-automatic use OAuth was transfering with encryption ( and should also now with https) , but there is still a warning about no secure possibility on the wiki. Am I wrong or do we need to change this page. The wiki is wrong and needs to be brought up to date. Does that mean OAuth is now encrypted no matter which methode is used ? If so, we should lead the user to use OAuth and to not use the normal login at all, anymore. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEAREIAAYFAkvZjDkACgkQalWTFLzqsCu0OQCcDCvWUeFE8/48F4XL71WEdXW+ 24oAnig74Vg4WttJ99fQxEpXFWFLSNpy =B2BZ -END PGP SIGNATURE- ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev