Menu
I apologize, I am new to this and assume that I will mix some terms up.
I am trying to setup Google clientLogin and I am worried about sending my private information in the POST request.
From what I am reading, you have to create a post request to the URL they specify (https://www.google.com/accounts/ClientLogin) and POST the following data:
Email=<username>&Passwd=<password>&service=youtube&source=<source>
But if this request is just going over the wire, can't someone just sniff these requests and get your login information?
Is it encrypted because it is https? Would I only have to worry about this with http?
To be honest I am quite confused doing all this and if in addition to an answer to my question someone can point me to a good tutorial to using Google Maps with private Fusion tables I will send positive thoughts your way!
280
So, although it's possible to sniff the encrypted data, they can be considered secure while in transit - in other words, an attacker would not see the plaintext.
There are various attacks on HTTPS, but the most common are easily detectable, e.g. if you get a certificate error on a HTTPS site that used to work normally, this may be a sign of an attempted attack. For additional reading, see the questions tagged SSL on security.stackexchange.com
Long story short: POST over HTTPS is much more secure than over HTTP. (You still need to handle the data carefully on client- and server-side, HTTPS is a transport protection)
See also: https://security.stackexchange.com/questions/5/does-an-established-ssl-connection-mean-a-line-is-really-secure
89
Yes, the post data is encrypted when you post over https. In fact, your entire request is encrypted.
26
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
