Enforce SSL on the contacts APIs
Wednesday, December 19, 2012
Google Apps administrators now have the ability to enforce SSL connections on the Contacts APIs through a setting in the control panel. This setting provides added security against session hijacking and user impersonation. It affects these APIs:
- Contacts API
- Domain Shared Contacts API
- Google Apps Profiles API
Note that this setting will be OFF by default because some widely used legacy contacts applications do not support SSL. Early next year, we will set the Enforce SSL option to ON for all new domains and all existing domains where we do not detect a contacts API request from one of these legacy applications within the previous week.
Editions included:
Google Apps for Business, Education and Government
For more information:
https://support.google.com/a/bin/answer.py?hl=en&answer=2892234
whatsnew.googleapps.com
Get these product update alerts by email
Subscribe to the RSS feed of these updates
- Contacts API
- Domain Shared Contacts API
- Google Apps Profiles API
Note that this setting will be OFF by default because some widely used legacy contacts applications do not support SSL. Early next year, we will set the Enforce SSL option to ON for all new domains and all existing domains where we do not detect a contacts API request from one of these legacy applications within the previous week.
Editions included:
Google Apps for Business, Education and Government
For more information:
https://support.google.com/a/bin/answer.py?hl=en&answer=2892234
whatsnew.googleapps.com
Get these product update alerts by email
Subscribe to the RSS feed of these updates