[thelist] https site in a frame of an http site

Kevin D. White nonzero at well.com
Thu Oct 11 17:11:02 CDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The actual security is not compromised but the user has no idea what
is an is not secure.  The little lock icon is triggered by the main
requested page not the stuff inside it.  In the case of a frameset
that mixes secure and insecure, the lock never lights.  Plus, the
user should get a nasty warning about mixing secure and insecure
content on page.

You might want to point out to the offending person that they are
providing a nasty and confusing experience to their users.  You could
also insert some JavaScript that detects that the page is being
loaded in a frameset and blow the entire frameset away or pop an
alert.

What that person doesn't realize is they have just give you complete
license to do whatever you want on their site....

- ----- Original Message ----- 
From: "Kristy Frey" <kristenannfrey at yahoo.com>


> Does anyone know if the security provided by a
> VeriSign Certificate is compromised when "somebody"
> decides that they want to display my secure
> https://... page in their http://... page that uses
> frames.   My pages (which are php pages on a secure
> site) DO NOT use frames, but "somebody" where i work
> (a large college campus that does not promote frames
> for accessibility reasons) decided they would display
my pages within theirs via a frame.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBO8YZioEZ+a0sYPYKEQIkygCfXNvAXvzsUOj0EU/0E1ARB32QSuMAnj3L
GVlDzi2PUQU8Qe1gSfX+pQYJ
=d65S
-----END PGP SIGNATURE-----






More information about the thelist mailing list