none
Credentials encrypted?

    Question

  • Hello All,

    Was wondering if Windows Live Writers uses a encrypted channel to send the credentials to the blogging host? Essentially, is it safe to use the Windows Live Writer to make new blog posts to Blogger/Wordpress/Typepad/LiveJournal from a public internet connection, where traffic can be easily sniffed?

    I just don't want my passwords flowing through a public connection in clear-text everytime I make a post :-)

    Thanks
    Saqib
    http://www.capital-punishment.us
    Tuesday, April 14, 2009 6:11 AM

All replies

  • That's a bit of complicated question, but I'll try to boil it down. The below all assumes you're using the most recent version of WLW (14.0.8064.0206).

    * Communication with WordPress.com is secure. We use HTTPS for all authenticated communications.
    * Communication with Blogger and Spaces is semi-secure; the same level as if you accessed these services through the web. Your actual credentials are communicated via HTTPS, this results in a temporary access token that is included on HTTP requests. Someone could steal the token and gain access to your account until the token expires.
    * Communication with TypePad, LiveJournal, self-hosted WordPress, and many other blog services are NOT secure. Your password is transmitted in cleartext over HTTP. (In the case of LiveJournal and self-hosted WordPress, even the web logins uses HTTP, so you're not secure using your browser to post either.)

    With TypePad, LiveJournal, and other services that we know we can't communicate securely with, we don't communicate with them unless the user performs an action that requires it--publish a post, refresh category list, bring up the Open Post dialog and select the blog, etc. So if you're VERY careful to just edit existing drafts or start new posts, you'll be OK. With WordPress.com, Blogger, and other blogs we communicate securely with, we'll do things like refresh the category list in the background without the user's knowledge.

    Hmmm, come to think of it, Offline Mode would be a good feature when you're under these circumstances...
    Wednesday, April 15, 2009 12:05 AM
    Owner