I apologize, I am new to this and assume that I will mix some terms up.
I am trying to setup Google clientLogin and I am worried about sending my private information in the POST request.
From what I am reading, you have to create a post request to the URL they specify (https://www.google.com/accounts/ClientLogin) and POST the following data:
Email=<username>&Passwd=<password>&service=youtube&source=<source>
But if this request is just going over the wire, can't someone just sniff these requests and get your login information?
Is it encrypted because it is https?
Would I only have to worry about this with http?
To be honest I am quite confused doing all this and if in addition to an answer to my question someone can point me to a good tutorial to using Google Maps with private Fusion tables I will send positive thoughts your way!
- HTTP requests go over the wire in plaintext - and thus can be sniffed easily.
- HTTPS are HTTP requests made through the Secure Socket Layer (SSL), which provides data encryption between the client and the server, identifies the server, and (optionally) identifies the client.
So, although it's possible to sniff the encrypted data, they can be considered secure while in transit - in other words, an attacker would not see the plaintext.
There are various attacks on HTTPS, but the most common are easily detectable, e.g. if you get a certificate error on a HTTPS site that used to work normally, this may be a sign of an attempted attack. For additional reading, see the questions tagged SSL on security.stackexchange.com
Long story short: POST over HTTPS is much more secure than over HTTP. (You still need to handle the data carefully on client- and server-side, HTTPS is a transport protection)
See also: https://security.stackexchange.com/questions/5/does-an-established-ssl-connection-mean-a-line-is-really-secure
Yes, the post data is encrypted when you post over https. In fact, your entire request is encrypted.
It is an https connection. Meaning all data is encrypted.
https is: HyperText Transfer Protocol Secure
Just make sure the certificate is correct.
The certificate makes sure that the other end of the line is who you think it is.
For more info check out:
http://en.wikipedia.org/wiki/HTTPS
Generally speaking, everything over https is secure. Only standout exception I can think of (other than a compromised client/server) is making an SSL connection while using a shared (think internet cafe) network. While its rare, the nature of ssl connections makes it vulnerable to these types of attacks albeit, it doesn' make it 'script kiddie' easy-- just possible. [This is why many online banks will always do your mobile banking over 3/4g data and not wifi].
An invalid certificate should make you suspicious, but is not a defacto "this connection is secure" badge. Certs only verify that the server you are contacting is run by the people identified on the cert and technically isn't required to establish a secure connection.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 做个烂人 的文章《Can one's post request data be sniffed?》','https://www.manongdao.com/article-239753.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}