On Sat, Dec 26, 2009 at 1:46 AM, John Smith <[email protected]> wrote:
> 2009/12/26 Matt Amos <[email protected]>:
>> because OAuth does cryptographic signing of the requests.
>
> Via a clear channel, which can be proxied and mangled and so on.

proxied yes, mangled no. the cryptographic signature which OAuth performs allows the server to detect if the request was modified en-route and it will reject it if so. OAuth isn't a substitute for SSL, but it is a substitute for passwords which means that requests are secure and your password doesn't go in the clear.

to securely create an OAuth token we need SSL, but Tom has already said that's on his todo list.

cheers,

matt

_______________________________________________
talk mailing list
[email protected]
http://lists.openstreetmap.org/listinfo/talk
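
Added example, not part of the original message or of any project's code: a minimal OAuth 1.0 HMAC-SHA1 signing and verification routine showing how a server detects a request that was modified in transit over a clear channel. The secrets, URL and parameter values are constructed, the URL is assumed to be already normalized, and server-side nonce/timestamp replay tracking is left out.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def enc(value):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def signature(method, url, params, consumer_secret, token_secret):
    # Signature base string: METHOD & encoded URL & encoded, sorted parameters.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), enc(url), enc(normalized)])
    # The HMAC key is built from the two shared secrets, which never travel
    # with the request.
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def sign(method, url, params, consumer_secret, token_secret):
    signed = dict(params)
    signed["oauth_signature"] = signature(
        method, url, params, consumer_secret, token_secret)
    return signed

def server_accepts(method, url, params, consumer_secret, token_secret):
    # Server recomputes the signature over what it received and compares
    # in constant time.
    expected = signature(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, params.get("oauth_signature", ""))

# Constructed sample values (not real credentials or endpoints).
CONSUMER_SECRET, TOKEN_SECRET = "example-consumer-secret", "example-token-secret"
URL = "http://api.example.org/notes"
SENT = sign("POST", URL, {
    "oauth_consumer_key": "example-consumer-key",
    "oauth_token": "example-token",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1261791960",
    "oauth_nonce": "constructed-nonce-1",
    "text": "bridge closed",
}, CONSUMER_SECRET, TOKEN_SECRET)

# Modified in transit: one parameter differs from what was signed.
MODIFIED = dict(SENT, text="bridge open")

if __name__ == "__main__":
    print(server_accepts("POST", URL, SENT, CONSUMER_SECRET, TOKEN_SECRET))
    print(server_accepts("POST", URL, MODIFIED, CONSUMER_SECRET, TOKEN_SECRET))
```

The parameters in `SENT` are still readable by anything on the path; the signature gives integrity and authentication of the request, not confidentiality.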

