On Sat, 26 Feb 2011, Dirk Stöcker wrote:
2. what parts of JOSM will not work as long as the server is down?
Every automatism (update-list, plugins-list, style-list, help and start
page), and Yahoo download. For all of these, users would need to go the manual
way - download and install :-) The same as when using JOSM offline.
To make it clearer:
JOSM accesses the following server values:
/plugins
* collected list of plugins and their meta information
/plugin-icons.zip
* collected list of plugin icons to make plugin table nicer
/styles
* collected list of external styles to be used for installation
/presets
* collected list of external presets to be used for installation
- StartupPage and Help as well as their translations for display
- Yahoo-WMS-Access-script
None of these are critical infrastructure and all pass through certain
layers of security checks, so malcontent must be carefully crafted. The
easiest is to write a dangerous plugin (due to bugs in older versions you
can produce exceptions (e.g. NPE) with crafted styles/presets as well).
Attacking through the web-services itself is much more complicated, as you
need to trick Trac as well as the JOSM server checks and JOSM itself. Yes,
it is possible, but even if I spend my whole days checking and fixing
holes I can't prevent it.
Since the time we accessed the web-pages directly to extract
information, there have been many improvements and the newest changes
again reduce the influence of externally hosted content. It is much easier
to have plugins in OSM-SVN than to develop them externally, so nearly all of
them are in OSM-SVN, where we can have a look at them. Now we have created a
system which makes adding styles/presets in the wiki much easier than handling
them externally, so the amount of externally managed content will decrease
over time and it is easier to have a look at that stuff.
Ciao
--
http://www.dstoecker.eu/ (PGP key available)