[Mak213]

In July of this year, Google finally gave webmail users a way to make sure that Gmail always used SSL - the protocol that encrypts connections to prevent hijacking. Through a flip of switch in Gmail's settings, users could rest assured that their email was at least less vulnerable, if not totally secure from hackers. However, Gmail is not the only Google-based web application where you may be storing personal data. Your files stored in Google Docs should be protected, too. But are they?

Who Has Secure Docs?

For many users of Google Docs, that answer is "no." According to Google's Help Topic on SSL as well as their Google Apps Edition comparison guide, SSL is a feature only made available to users of Google Apps Premier and Education Editions. However, in some informal testing on our part, it appears that users of Google Apps for Your Domain were given that option as well, despite the fact that their Google Apps edition clearly reads "Standard." For everyone else, though, Google Docs remains an unencrypted HTTP session.

In a business or educational setting where Google Docs is being used, your I.T. admin has probably turned on SSL for you by activating the feature that forces SSL sessions for all users. If they have not, though, you can still switch on SSL for yourself, says Google, but their help documentation fails to explain how that can be done. All the documentation says is that "your users can enable HTTPS when necessary."

What they probably mean is that anyone can type in "https" when entering in the URL for a Google Apps service in the address bar of their browser. Since your average internet user doesn't think about these sorts of things, though, that's probably not the best solution in terms of security.

Source: WinBeta | ReadWriteWeb