Security of HTTP based authentication
zzbbyy at gmail.com
Thu Jan 13 14:25:23 GMT 2011
On Thu, Jan 13, 2011 at 3:17 PM, Abigail <abigail at abigail.be> wrote:
> On Thu, Jan 13, 2011 at 02:09:16PM +0000, Andrew Black wrote:
>> On Thu, Jan 13, 2011 at 01:32:28PM +0000, Leo Lapworth wrote:
>> > You wrote that you don't send images via HTTP on a HTTPS page - what
>> > > are the reasons for that?
>> > >
>> > Some browsers pop-up alerts if you have mixed HTTP/HTTPS on a page
>> I have often wondered about that - what is the risk in mixing HTTP
>> images and HTTPS text?
> That would depend on the image, and the request to get that image, wouldn't?
Let's assume for now that it is about pure design images (or css), the
same as used on non-authenticated pages.
More information about the london.pm