Archived Comments (locked)
|Jesse Andrews Admin||
The following is an archive of comments made before threaded discussions was implemented (November 16th, 2008)
|Anmar Mansur Script's Author||
Victor, granted your script works in more cases than my Force HTTPS for GMail, GCal, and GDocs script, but yours only modifies the protocol to secure HTTPS after the page has loaded in non-secure HTTP and the damage was already done.
In a man in the middle attack scenario, the attacker will obtain access to an authenticated session with your Google service of choice, while you unknowingly continue to use the service over HTTPS feeling (falsely) secure.
I strongly suggest you modify your script or take it down immediately.
|Víctor Sánchez Scriptwright||
Related script: http://userscripts.org/scripts/show/14161