What is needed to disable HTTP Basic Auth on the API?
пт, 12 янв. 2018 г. в 17:03, Andy Allan :
> In general, I'd like to disable HTTP Basic Auth to our API, and only
> use OAuth. This removes any need to share your OSM password with third
> parties. However, developers
On 1/12/2018 6:03 AM, Andy Allan wrote:
In general, I'd like to disable HTTP Basic Auth to our API, and only
use OAuth. This removes any need to share your OSM password with third
parties. However, developers often find it easier to build
integrations using basic auth, so I can imagine some
Well originally they weren't even using HTTPS for that form
submission. I opened an issue about it and at least HTTPS has been
implemented since then.
Issue: https://github.com/osmandapp/osmandapp.github.io/issues/37
Toby
On Fri, Jan 12, 2018 at 7:15 AM, Darafei "Komяpa" Praliaskouski
I’d like to remind everyone that OsmAnd is an open app, with both mobile and
webside code available on GitHub. The author would be grateful if anybody here
updated the php code to use OAuth instead of login and password:
https://github.com/osmandapp/osmandapp.github.io/tree/master/website
In general, I'd like to disable HTTP Basic Auth to our API, and only
use OAuth. This removes any need to share your OSM password with third
parties. However, developers often find it easier to build
integrations using basic auth, so I can imagine some opposition to
this.
Thanks,
Andy
On 12
Hi,
https://osmand.net/osm_live requests user's OSM password and e-mail in
exchange of promise of bitcoin payment.
There is no way to check that the password is not being collected, with or
without knowledge of service authors. At least 1100 accounts may be
affected.
Simplest attack vector may
6 matches
Mail list logo