| Author |
HTTPS : Secured and non secured item with absolute path
|
|
| trihanhcie@gmail.com 2006-05-15, 7:17 pm |
| Hi,
I have a <img src = "http:// ..."> which needs to be put in a secured
page. For example on amazon when the confirmation page is displayed...
The problem is that it's a secured page (https) and my tag is an
absolute path... It looks like it's the problem because the tag is not
secured. What are the possible solution to display the image without
the warning message?
Thanks
| |
| David Dorward 2006-05-15, 7:17 pm |
| trihanhcie@XXXXXXXXXX wrote:
> I have a <img src = "http:// ..."> which needs to be put in a secured
> page. For example on amazon when the confirmation page is displayed...
> The problem is that it's a secured page (https) and my tag is an
> absolute path...
An absolute URL to an HTTP URL.
> It looks like it's the problem because the tag is not
> secured.
The tag is irrelevant, it is the means used to access the image.
> What are the possible solution to display the image without
> the warning message?
Copy the image so it is available under the HTTPS server, then access it
there.
--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
| |
| Jim Moe 2006-05-15, 7:17 pm |
| trihanhcie@XXXXXXXXXX wrote:
>
> I have a <img src = "http:// ..."> which needs to be put in a secured
> page. For example on amazon when the confirmation page is displayed...
> The problem is that it's a secured page (https) and my tag is an
> absolute path... It looks like it's the problem because the tag is not
> secured. What are the possible solution to display the image without
> the warning message?
>
Presuming this is your own site and not Amazon's:
- Make the DocumentRoot for the secure and non-secure sites the same.
- Change <img src = "http:// ..."> to <img src = "https:// ...">.
--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)
| |
| trihanhcie@gmail.com 2006-05-15, 7:17 pm |
| What do you mean by
- Make the DocumentRoot for the secure and non-secure sites the same. ?
Do I have to by a certificate on my site to change it to a secure site?
Thanks ^^
| |
| Jim Moe 2006-05-16, 5:07 am |
| trihanhcie@XXXXXXXXXX wrote:
> What do you mean by
> - Make the DocumentRoot for the secure and non-secure sites the same. ?
>
I am using terms for the Apache web server.
To support the HTTPS protocol your web server must have a (virtual) host
defined for it, just as you have for HTTP. HTTP, port 80, has a "home" or
"root" directory, the DocumentRoot. HTTPS, port 443, must also have a
"home" or "root" directory. Make those two the same.
> Do I have to by a certificate on my site to change it to a secure site?
>
Yes.
--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)
| |
| Leonard Blaisdell 2006-05-16, 5:07 am |
| In article <bLidnbbXia1NyPTZRVn-pA@giganews.com>,
Jim Moe <jmm-list.AXSPAMGN@sohnen-moe.com> wrote:
> trihanhcie@XXXXXXXXXX wrote:
> Yes.
I agree. But you can create your own certificate IIRC. I did it a few
years ago for testing purposes using SSL. Browsers will throw up a
warning indicating it is not a *certified* certificate. If you get one
of those warnings, pay attention ;-)
leo
--
<http://web0.greatbasin.net/~leo/>
| |
| trihanhcie@gmail.com 2006-05-16, 5:07 am |
| Well the aim is in fact to avoid a warning ... What I mean is :
If Amazon put <img src = https://www.mysite.com?id=..> on his
confirmation page (https://www.amazon.com/...) and I have my own
certifate IIRC, will the user have the warning?
| |
| trihanhcie@gmail.com 2006-05-16, 5:07 am |
| Oups sorry i thought it was the name of the certificate IIRC... How did
u create your own certificatE? :s
| |
| Jim Moe 2006-05-16, 7:05 pm |
| Leonard Blaisdell wrote:
>
>
> I agree. But you can create your own certificate IIRC. I did it a few
> years ago for testing purposes using SSL. Browsers will throw up a
> warning indicating it is not a *certified* certificate. If you get one
> of those warnings, pay attention ;-)
>
Yes, it is easy enough to create your own. But, as you say, because
there is no chain of authority, browsers (are supposed to) warn the user
about the dodgy certificates ("Do you really really trust this site?").
Authoritative certificates are cheap enough, $50 - $300, depending on
the type and period of validity.
--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)
|
|
|
|
| Copyright 2003 - 2009 forum4designers.com Software forum Computer Hardware reviews |