Force HTTPS for GMail, GCal, and GDocs

By Anmar Mansur Last update Aug 18, 2007 — Installed 3,578 times.

Archived Comments (locked)

in
Subscribe to Archived Comments 4 posts, 4 voices



Nov 17, 2004 1:05am
Jesse Andrews Admin

The following is an archive of comments made before threaded discussions was implemented (November 16th, 2008)
 
Apr 28, 2008 9:28am
Anmar Mansur Script's Author

Victor, granted your script works in more cases than my Force HTTPS for GMail, GCal, and GDocs script, but yours only modifies the protocol to secure HTTPS after the page has loaded in non-secure HTTP and the damage was already done.

In a man in the middle attack scenario, the attacker will obtain access to an authenticated session with your Google service of choice, while you unknowingly continue to use the service over HTTPS feeling (falsely) secure.

I strongly suggest you modify your script or take it down immediately.
 
Apr 27, 2008 6:46pm
Víctor Sánchez Scriptwright

Related script: http://userscripts.org/scripts/show/14161
 
Aug 21, 2007 2:53pm
Jonny Scriptwright

Good script!