Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Extends SSL To Developer-Facing APIs

Posted by timothy on from the scramble-your-bits-please dept.

Orome1 writes "Firesheep's authors can be the satisfied with the gradual migration towards SSL that most of the biggest social networks, search engines, online shops and others have embarked upon since its advent. Google, which has already taken care of its users and encrypted its Web Search, Gmail and Google Docs, has now turned its attention to the APIs used by developers."

3 of 34 comments (clear)

  1. Re:Public pr0n by MrEricSir · · Score: 3, Funny

    This tells us two things:
    1. You have SafeSearch enabled.
    2. Somewhere, there's a soccer team called the Lesbian Midgets.

    --
    There's no -1 for "I don't get it."
  2. Re:Belt and suspenders by wunderbus · · Score: 3, Informative

    If you're using Java servlets, you can include the following in your web.xml:

    <!-- Redirects all http requests to https. Does not send cookies with the redirect. -->
    <security-constraint>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    <web-resource-collection>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    </security-constraint>

    <!-- Prevents the application from appending the session ID to the URL.
    Also makes the session cookie secure-only, so that if the user has
    an active session then makes a regular http request to your site,
    the session cookie won't be sent with that request. -->
    <session-config url-rewriting-enabled="false" cookie-secure="true" />

  3. and slashdot is still ignoring the problem by xophos · · Score: 4, Interesting

    Typing https://slashdot.org/ just brings you back to http://slashdot.org./
    Is it to hard to do, or does no one care here?