Security of HTTP based authentication

Bruce Richardson itsbruce at
Thu Jan 13 14:47:54 GMT 2011

On Thu, Jan 13, 2011 at 02:09:16PM +0000, Andrew Black wrote:
> On Thu, Jan 13, 2011 at 01:32:28PM +0000, Leo Lapworth wrote:
>  > You wrote that you don't send images via HTTP on a HTTPS page - what
> > > are the reasons for that?
> > >
> > 
> > Some browsers pop-up alerts if you have mixed HTTP/HTTPS on a page
> I have often wondered about that - what is the risk in mixing HTTP
> images and HTTPS text?

It's not a specific warning about images, it's a general warning about
mixed content, even though http images are the most common cause.  With
mixed content on a page, the user could be misled about whether
information was being transmitted over a secure connection.  That


The ice-caps are melting, tra-la-la-la.  All the world is drowning,
tra-la-la-la-la.  -- Tiny Tim.

More information about the mailing list