Google Extends SSL To Developer-Facing APIs

timothy posted more than 3 years ago | from the scramble-your-bits-please dept.

Google 34

Orome1 writes "Firesheep's authors can be satisfied with the gradual migration towards SSL that most of the biggest social networks, search engines, online shops and others have embarked upon since its advent. Google, which has already taken care of its users and encrypted its Web Search, Gmail and Google Docs, has now turned its attention to the APIs used by developers."


34 comments


Public pr0n (-1)

Anonymous Coward | more than 3 years ago | (#35525438)

Though, whenever I'm browsing pr0n on Google Images, I still can't use SSL while that would be /the/ most important place to support SSL. You all agree, right? -F

Re:Public pr0n (0)

Anonymous Coward | more than 3 years ago | (#35525448)

That always struck me as odd as well. I can't believe Google isn't helping me hide my fetish for lesbian midget fisting.

Re:Public pr0n (1, Offtopic)

Shikaku (1129753) | more than 3 years ago | (#35525472)

I don't know what's worse: the fact that people image search porn on Google and want it private using https, or the fact that I had to confirm that lesbian midget fisting is a valid and easily found Google Image search.

Re:Public pr0n (0)

Anonymous Coward | more than 3 years ago | (#35525568)

Definitely the latter.

Re:Public pr0n (1)

captain_sweatpants (1997280) | more than 3 years ago | (#35525744)

No what's more disturbing is a search for lesbian midget porn mostly returns pictures of soccer players assembled for team photos. What the hell?? Now I'm thinking I should spice up my life a little and join a soccer team!

Re:Public pr0n (3, Funny)

MrEricSir (398214) | more than 3 years ago | (#35525958)

This tells us two things:
1. You have SafeSearch enabled.
2. Somewhere, there's a soccer team called the Lesbian Midgets.

Re:Public pr0n (1)

captain_sweatpants (1997280) | more than 3 years ago | (#35526326)

This tells us two things:
1. You have SafeSearch enabled.

Yes, I did have safe-search set to moderate! I swear I'd turned it off before and it was misleading because the vanilla porn still showed up. Thankfully my search now returns mucho fisting porno. Still a little disappointed at the lack of midgets involved though! Also, I feel like a noob!

2. Somewhere, there's a soccer team called the Lesbian Midgets.

Actually Lesbian&Midget&Fisting matches a LOT of soccer teams.

No Support For Linux Yet (0)

Anonymous Coward | more than 3 years ago | (#35525534)

Linux doesn't seem to be supported yet for this plug-in :(

Frist Post (0)

Anonymous Coward | more than 3 years ago | (#35525566)

But are first posts encrypted?

Good. (1)

mirix (1649853) | more than 3 years ago | (#35525654)

Encryption is like bacon. The more the better.

Re:Good. (2)

Malnar (1810062) | more than 3 years ago | (#35525734)

Until it clogs your computing arteries?

Re:Good. (1)

jgagnon (1663075) | more than 3 years ago | (#35529316)

At least your computer dies happy.

Re:Good. (1)

arndawg (1468629) | more than 3 years ago | (#35529560)

Cut the carbs and it won't clog you.

Re:Good. (0)

Anonymous Coward | more than 3 years ago | (#35525900)

They should make the whole pig into bacon. Bacon should be the only meat anyone eats. Bacon and beer would give you all the nutrients you need to survive.

Re:Good. (1)

bemymonkey (1244086) | more than 3 years ago | (#35526830)

Yes. Bacon is not only far superior to other meat, but also to salt.

Re:Good. (1)

SinShiva (1429617) | more than 3 years ago | (#35526788)

encryption is like eggs because we always only seem to have one fully functional option, concurrently

Kosher (1)

MrEricSir (398214) | more than 3 years ago | (#35526912)

You shouldn't use it if you're kosher?

Re:Good. (1)

Migala77 (1179151) | more than 3 years ago | (#35527650)

Encryption is like bacon. The more the better.

That's why I always use ROT-13 twice.

Its about time (-1, Troll)

happyslasher2 (2019574) | more than 3 years ago | (#35525848)

Did I say that one hacker gathered [blog.com] more than 10000 gmail accounts that way?
We need to enable SSL as soon as possible.

Re:Its about time (0)

Anonymous Coward | more than 3 years ago | (#35526118)

I thought that he got over 9000 accounts.

Re:Its about time (0)

Anonymous Coward | more than 3 years ago | (#35526212)

pretty scary stuff, but gmail has had an "only use ssl" option for a while. I think it's now default, in the wake of the china/IE incident (which was mostly due to IE sucking ass).

Re:Its about time (0)

Anonymous Coward | more than 3 years ago | (#35526272)

goatse

Goatse link (0)

Anonymous Coward | more than 3 years ago | (#35527936)

The link takes you to a goatse pic. What a nice way to start my day...

Belt and suspenders (2)

seifried (12921) | more than 3 years ago | (#35525972)

Since we generally can't just shut down access to port 80 yet (people would just get errors and be confused and angry), there are two methods you can use to transition clients to HTTPS. Use HTTP Strict Transport Security, which will address newer clients like Chrome; ideally they access your site securely the first time and you essentially tell them "from now on use HTTPS" for a specific amount of time (the longer the better):

# Send both directives in one header value, separated by ';' ("Header append" would join them with a comma).
Header set Strict-Transport-Security "max-age=15552000; includeSubDomains"

The second will address current clients, but will not prevent things like Firesheep. However, it will hopefully result in people bookmarking your site with HTTPS and so on (take the spaces out between the slashes):

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https: / / %{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]

This should also in theory cause any incoming links from sites that generate them dynamically (e.g. search engines) to take the permanent redirect and update their links (so if someone searches for you and clicks on the link it'll be an HTTPS link)
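A way to check both halves of the transition described in the comment above, as an added example that is not part of the original post: it reads a Strict-Transport-Security value the way RFC 6797 defines it (directives separated by `;`, only the first header field processed) and audits it together with the port-80 redirect. The response dictionaries, `example.org` and the function names are constructed for illustration; real browsers may reject a comma-joined value outright rather than read its first field.

```python
import re

def parse_hsts(value):
    """Return (max_age, include_subdomains) under an RFC 6797 reading of
    the value, or None if the policy is unusable."""
    # A comma ends the first header field; only that field is processed.
    first_field = value.split(",", 1)[0]
    max_age, include_sub, seen = None, False, set()
    for directive in first_field.split(";"):   # directives are ';'-separated
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if not name:
            continue
        if name in seen:                       # repeated directive: invalid
            return None
        seen.add(name)
        if name == "max-age":
            if not re.fullmatch(r"[0-9]+", arg):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

def audit_transition(http_resp, https_resp):
    """Check the port-80 redirect and the HTTPS policy header together."""
    findings = []
    location = http_resp["headers"].get("Location", "")
    if http_resp["status"] != 301 or not location.startswith("https://"):
        findings.append("port 80 does not permanently redirect to https")
    if "Strict-Transport-Security" in http_resp["headers"]:
        findings.append("HSTS sent over plain HTTP is ignored by browsers")
    raw = https_resp["headers"].get("Strict-Transport-Security")
    policy = parse_hsts(raw) if raw is not None else None
    if policy is None:
        findings.append("no usable HSTS policy on the HTTPS response")
    else:
        if policy[0] == 0:
            findings.append("max-age=0 tells browsers to forget the policy")
        if "includesubdomains" in raw.lower() and not policy[1]:
            findings.append("includeSubDomains is outside the first field")
    return findings

# Constructed sample responses (example.org is a placeholder host).
REDIRECT = {"status": 301, "headers": {"Location": "https://example.org/"}}
GOOD = {"status": 200, "headers": {
    "Strict-Transport-Security": "max-age=15552000; includeSubDomains"}}
COMMA_JOINED = {"status": 200, "headers": {
    "Strict-Transport-Security": "max-age=15552000, includeSubDomains"}}
```

The comma-joined sample is the value Apache's mod_headers produces when a second directive is added with `Header append`, since appended values are merged with a comma.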

Re:Belt and suspenders (0)

Anonymous Coward | more than 3 years ago | (#35526154)

And of course I forgot to include a link to http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security [wikipedia.org] - posting anon since my karma is just fine

Re:Belt and suspenders (3, Informative)

wunderbus (1545573) | more than 3 years ago | (#35526368)

If you're using Java servlets, you can include the following in your web.xml:

<!-- Redirects all http requests to https. Does not send cookies with the redirect. -->
<security-constraint>
  <!-- web-resource-collection must come before user-data-constraint and needs a name -->
  <web-resource-collection>
    <web-resource-name>Entire application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Prevents the application from appending the session ID to the URL.
Also makes the session cookie secure-only, so that if the user has
an active session then makes a regular http request to your site,
the session cookie won't be sent with that request. -->
<session-config url-rewriting-enabled="false" cookie-secure="true" />

Re:Belt and suspenders (1)

wunderbus (1545573) | more than 3 years ago | (#35526414)

I believe there's also a way to add the HttpOnly flag to your session cookie, but I can't remember what it is. It's not as important as those other configuration settings though--all it does is prevent a certain type of XSS attack from exposing the session cookie, described here: http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html [codinghorror.com]

That said, if your website is open to any form of XSS, you have bigger problems.

Re:Belt and suspenders (0)

Anonymous Coward | more than 3 years ago | (#35526416)

If you're using Java servlets, you might as well kill yourself from how horrible it is.

Re:Belt and suspenders (0)

Anonymous Coward | more than 3 years ago | (#35535162)

I try this on my IIS metabase and now all errors from clients. THIS NOT GOOD!!11!
please To send the codes for correcting the porblem.

and slashdot is still ignoring the problem (4, Interesting)

xophos (517934) | more than 3 years ago | (#35528712)

Typing https://slashdot.org/ [slashdot.org] just brings you back to http://slashdot.org./ [slashdot.org.]
Is it too hard to do, or does no one care here?

Re:and slashdot is still ignoring the problem (2)

tlhIngan (30335) | more than 3 years ago | (#35531094)

Typing https://slashdot.org/ [slashdot.org] just brings you back to http://slashdot.org./ [slashdot.org.]
Is it too hard to do, or does no one care here?

The HTTPS site is for subscribers only - it's a backup in case /. gets so bogged down the regular HTTP bank is unusable. The admins use the HTTPS server, so subs can access the same servers the admins use. That was a few years ago, but I'd guess it's still true today.

http://news.slashdot.org/story/07/10/22/145209/Slashdots-Setup-Part-2--Software [slashdot.org]


App Engine As Well (1)

Foresto (127767) | more than 3 years ago | (#35539118)

One of the long-standing shortcomings of App Engine was the lack of server certificate validation in the URL Fetch service. Google apparently took care of that [google.com] as well.

