markflowers / gdata-objectivec-client

Automatically exported from code.google.com/p/gdata-objectivec-client
Other
0 stars 0 forks source link

GData does not validate server certificate #179

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Send request to https://gdata.youtube.com/feeds/api/users/xxxx/yyyy
2. Perform a Man In The Middle (MITM) attack

What is the expected output? What do you see instead?
The GData framework should validate the server certificates or expose APIs to 
the developer to check the server certificate. Otherwise, third parties are 
able to view and modify data in transit. This violates both confidentiality of 
sensitive information and integrity for all data.

Original issue reported on code.google.com by rahul.de...@gmail.com on 18 Mar 2015 at 9:29

GoogleCodeExporter commented 9 years ago
Use of the GData library for YouTube APIs is deprecated. Please use the 
JSON-based library at https://code.google.com/p/google-api-objectivec-client/

Original comment by grobb...@google.com on 24 Mar 2015 at 7:51