SSL / HTTPS not supported in Google Data Protocols

[GoogleCodeExporter]

While Google Data authentication takes place over HTTPS, the actual
transmission of data requests and responses is only available over standard
HTTP, leading to loss of privacy. Further, the authentication key is sent
entirely in the clear, opening up the possibility of session hijacking.
Google should permit Google Data sessions to take place entirely over a
secure protocol.

Original issue reported on code.google.com by vertespain@gmail.com on 8 Jun 2009 at 10:31

[GoogleCodeExporter]

Then use it. All services, afaik, do support standard https protocol.

Furthermore, the authentication key is send in an http header, the key itself 
is only valid for a certain period 
of time. The key itself is not exposing username or password information, so 
while it would be in theory 
possible to hijack your datasstream, extract the information etc, and use this 
for a bit,  this is always possible 
when someone get's inbetween you and your target on the internet. Now, how do 
you suspect this could be 
happening easily? 

Last, but not least, this is the .NET client library bug reporting forum. As 
this is not a client library issue (the 
library supports switching to https if you so desire), you might want to bring 
this up on the service issue 
buglist.

Original comment by fman...@gmail.com on 18 Jun 2009 at 9:24

• Changed state: ByDesign