Security of HTTP based authentication

Andrew Black andrew-perl08 at
Thu Jan 13 14:09:16 GMT 2011

On Thu, Jan 13, 2011 at 01:32:28PM +0000, Leo Lapworth wrote:
 > You wrote that you don't send images via HTTP on a HTTPS page - what
> > are the reasons for that?
> >
> Some browsers pop-up alerts if you have mixed HTTP/HTTPS on a page

I have often wondered about that - what is the risk in mixing HTTP
images and HTTPS text?

More information about the mailing list