Forgot your password?
typodupeerror
Google Encryption Security IT

Google Extends SSL To Developer-Facing APIs 34

Orome1 writes "Firesheep's authors can be the satisfied with the gradual migration towards SSL that most of the biggest social networks, search engines, online shops and others have embarked upon since its advent. Google, which has already taken care of its users and encrypted its Web Search, Gmail and Google Docs, has now turned its attention to the APIs used by developers."
This discussion has been archived. No new comments can be posted.

Google Extends SSL To Developer-Facing APIs

Comments Filter:
  • by wunderbus ( 1545573 ) on Friday March 18, 2011 @01:02AM (#35526368)
    If you're using Java servlets, you can include the following in your web.xml:

    <!-- Redirects all http requests to https. Does not send cookies with the redirect. -->
    <security-constraint>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    <web-resource-collection>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    </security-constraint>

    <!-- Prevents the application from appending the session ID to the URL.
    Also makes the session cookie secure-only, so that if the user has
    an active session then makes a regular http request to your site,
    the session cookie won't be sent with that request. -->
    <session-config url-rewriting-enabled="false" cookie-secure="true" />

On the Internet, nobody knows you're a dog. -- Cartoon caption

Working...