GData does not validate server certificate
GoogleCodeExporter opened this issue · 1 comments
GoogleCodeExporter commented
What steps will reproduce the problem?
1. Send request to https://gdata.youtube.com/feeds/api/users/xxxx/yyyy
2. Perform a Man In The Middle (MITM) attack
What is the expected output? What do you see instead?
The GData framework should validate the server certificates or expose APIs to
the developer to check the server certificate. Otherwise, third parties are
able to view and modify data in transit. This violates both confidentiality of
sensitive information and integrity for all data.
Original issue reported on code.google.com by rahul.de...@gmail.com
on 18 Mar 2015 at 9:29
GoogleCodeExporter commented
Use of the GData library for YouTube APIs is deprecated. Please use the
JSON-based library at https://code.google.com/p/google-api-objectivec-client/
Original comment by grobb...@google.com
on 24 Mar 2015 at 7:51
- Changed state: Invalid