Security of HTTP based authentication
Bruce Richardson
itsbruce at workshy.org
Thu Jan 13 14:47:54 GMT 2011
On Thu, Jan 13, 2011 at 02:09:16PM +0000, Andrew Black wrote:
> On Thu, Jan 13, 2011 at 01:32:28PM +0000, Leo Lapworth wrote:
> > You wrote that you don't send images via HTTP on a HTTPS page - what
> > > are the reasons for that?
> > >
> >
> > Some browsers pop-up alerts if you have mixed HTTP/HTTPS on a page
>
> I have often wondered about that - what is the risk in mixing HTTP
> images and HTTPS text?
It's not a specific warning about images, it's a general warning about
mixed content, even though http images are the most common cause. With
mixed content on a page, the user could be misled about whether
information was being transmitted over a secure connection. That
simple.
--
Bruce
The ice-caps are melting, tra-la-la-la. All the world is drowning,
tra-la-la-la-la. -- Tiny Tim.
More information about the london.pm
mailing list