On 21 April 2015 at 15:58, Serge Wroclawski <[email protected]> wrote:
> Seeing the ticket, I think that the behavior here is what I'd expect > it to be, and what I think many people would expect as well. > > It doesn't seem like this is related to iD ignoring cookies, but about > how you were logged into an account and authorized iD to edit on > behalf of one of them. I'm not sure that iD could really be doing > anything radically different. > > This is no different than other sites which use cross site > authentication systems, ie Google, Facebook, etc. > > As for it being a security issue- if you logged out of osm.org before > authenticating yourself from iD, then yes, I see a potential serious > problem, but that's not what I see reported here. > > - Serge > > > So if I'm logged in to osm as FRED you think it's ok for iD to allow me to use DERF's account - as that is what happened. -- Mike. @millomweb <https://sites.google.com/site/millomweb/index/introduction> - For all your info on Millom and South Copeland via *the area's premier website - * *currently unavailable due to ongoing harassment of me, my family, property & pets* T&Cs <https://sites.google.com/site/pmailkeey/e-mail>
_______________________________________________ talk mailing list [email protected] https://lists.openstreetmap.org/listinfo/talk
