This is Interesting: Free Magazines for Graphics designers and webmasters
Home > Archive > Dreamweaver > March 2004 > Is a frame loaded by a remote secure page, secure?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Is a frame loaded by a remote secure page, secure?
|
|
| Chris C. 2004-03-01, 1:28 pm |
| Can a frameset call a remote https url to the content frame and still
have it secure.
IE domain "A" loads a frameset page, where top row is a local http page
and the content frame calls another server page
(https://www.domainB.com/page.asp) which is secure.
Q. Is the content frame still secure between browser and server "B"
Thanks,
Chris
| |
| Alan Ames 2004-03-01, 1:28 pm |
| That frame is secure, it's got a https:// SSL connection.
But- the browser will not show the gold lock or key, because the other
frame and the frameset file itself are http://
And- many browsers will pop a warning msg that it's mixed content, depending
on individual preference settings.
> Q. Is the content frame still secure between browser and server "B"
| |
| Chris C. 2004-03-01, 9:28 pm |
| Is there a way to prove it to skeptical site visitor who is gleefully
challenging me with the security of the page?
Alan Ames wrote:
> That frame is secure, it's got a https:// SSL connection.
>
> But- the browser will not show the gold lock or key, because the other
> frame and the frameset file itself are http://
>
> And- many browsers will pop a warning msg that it's mixed content, depending
> on individual preference settings.
>
>
>
>
| |
| Alan Ames 2004-03-01, 10:28 pm |
| Tell them to:
-View source of the frameset, and confirm that the frames contents is an
https:// url
-Right-click in that frame and pick Open in New Frame or whatever option
their browser allows.
But- ----The thing i tried to get across in my first reply, is that it
doesn't APPEAR secure. And appearance of security and trust (or lack of it)
can count for more than proven fact.
The lock or key people are told to look for will Not show when it's in a
http:// frameset , and some people will see warning messages about mixed
content.
suggest- break out of frames and let that external https:// page load by
itself. The lock will show.
If there is some reason you want it to remain in a frameset, so that the
third-party domain page seems to the casual observer to be from within that
site, set up SSL/HTTPS on YOUR site, and have the frameset and all content
in all frames be called with https:// paths.
> Is there a way to prove it to skeptical site visitor who is gleefully
> challenging me with the security of the page?
| |
| Gary White 2004-03-01, 11:28 pm |
| "Alan Ames" <dont_mail_me@formdude.com> wrote in message
news:BC694E3A.179612%dont_mail_me@formdude.com...
> Tell them to:
> -View source of the frameset, and confirm that the frames contents is an
> https:// url
> -Right-click in that frame and pick Open in New Frame or whatever option
> their browser allows.
Or have them right-click in that frame and choose Properties. The page
properties will show whether or not it is a secure page.
> But- ----The thing i tried to get across in my first reply, is that it
> doesn't APPEAR secure. And appearance of security and trust (or lack of
it)
> can count for more than proven fact.
Agree completely.
Gary
|
|
|
| | Copyright 2003 - 2008 forum4designers.com Software forum Computer Hardware reviews |
|