There also does not appear to be any provision on the OSM web site for changing to a new password, which is something that one should do occasionally. At least, if there is a way to do so, I haven't found it.
-- John F. Eldredge -- [email protected] "Reserve your right to think, for even to think wrongly is better than not to think at all." -- Hypatia of Alexandria -----Original Message----- From: John Smith <[email protected]> Date: Wed, 23 Dec 2009 00:11:43 To: Talk Openstreetmap<[email protected]> Subject: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords? When does anyone plan to use SSL to protect passwords and users on OSM? I noticed the other day about how JOSM puts this in it's MOTD: "Your username and password are sent to the server unencrypted. If you do not like this, do not upload." While I'm aware that this is occurring, many others may not and may be put off with statements like the above. While removing that statement from JOSM might fix some of the image problems, it doesn't do anything for real security. There has even been a bug on this issue for 3 years! http://trac.openstreetmap.org/ticket/275 This is even more concerning when you add into the mix the UK government is trying to record globs and globs of additional information on data travelling across internet links in the UK, among other things. http://go.theregister.com/feed/www.theregister.co.uk/2009/12/22/mobile_imp/ As has been pointed out on the trac ticket, OSM should be eligible for a free cert from godaddy, then there is ideological reasons for supporting other options like CAcert, just like many support OSM for ideological reasons rather than Google. I realise there is some APIs floating about that use alternative authentication schemes, but the majority of users will be sending their passwords (and everything else for that matter) clear text over the internet for all and sundry to snoop on. Is it really reasonable to not offer SSL encryption? _______________________________________________ talk mailing list [email protected] http://lists.openstreetmap.org/listinfo/talk _______________________________________________ talk mailing list [email protected] http://lists.openstreetmap.org/listinfo/talk
