Tuesday, March 22, 2011

Google forces increased security

Google is introducing mandatory SSL encryption for connecting to its service application interfaces in order to increase security for end users.

Google demands strict SSL requirements for accession to the api-service from fall 2011. Currently Google uses Secure Sockets Layer (SSL) protection for several of its service-based applications, such as Google Docs and Gmail. This will now be expanded to include application interfaces (APIs) for developers. From September 15, 2011 obliges the api-connections to the company's Google Documents List API, Google Spreadsheets API and Google Sites API uses SSL.

The idea of the encryption requirement is to increase the safety of traffic going between Google's services and end user clients and software to prevent content from being intercepted by unauthorized parties.

Google also announced that developers who use its existing OAuth authentication api will be able to continue for the https addresses. For end-users of Google's services will change to be minimal and are generally only visible in the form of URLs that begin with https instead of http. The addition of "s" indicates that the traffic is protected encryption, reducing the risk of so-called man-in-the-middle attacks, based on the interception of data traffic.

Recently, several other Web services started deploying ssl as basic protection. Last year, Microsoft's Hotmail email service supports this, while also rolls up the protection of its users. For micro-bloggers who rely on Twitter, ssl is optional but recommended.

No comments:

Post a Comment