Insecurity of Google's ClientLogin Protocol
3 views
Skip to first unread message
Alex
May 18, 2011, 3:26:56 AM5/18/11
to floatingimage-discuss
Hi!
What about http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html?
Any concerns here?
Thanks for the info,
Alex
What about http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html?
Any concerns here?
Thanks for the info,
Alex
Mark Gjoel
May 18, 2011, 3:46:08 AM5/18/11
to floatingim...@googlegroups.com
As far as I remember (I'm not sitting with the code right now) I do in
fact use an insecure line. However, I only ask for read permissions,
and the protocol you use for talking to the Picasa API is quite
secure, so if worse _should_ come to worst, you don't have to fear for
anything worse than someone being able to read your private pictures.
Complete access to your account by a third party should not be
possible.
fact use an insecure line. However, I only ask for read permissions,
and the protocol you use for talking to the Picasa API is quite
secure, so if worse _should_ come to worst, you don't have to fear for
anything worse than someone being able to read your private pictures.
Complete access to your account by a third party should not be
possible.
I will however investigate this.
Cheers,
- Mark
Reply all
Reply to author
Forward
0 new messages