Encrypted pages with unencrypted content
Hill, Greg
grhill at corp.untd.com
Fri Aug 17 11:05:43 MDT 2007
> Can you give me a list of any pages that serve up both encrypted and
> unencrypted content? I'm doing a little work on analyzing BYU's poor
> security for its website, and I want to know how prevalent this
practice
> is.
If you're referring to the IE "error" message, it simply means you have
an image or other file embedded in the page that isn't on https.
> For an example of what I'm thinking of, try: http://ry.byu.edu/
That redirected me to an https site, with images and javascript on
regular http. How is that a security risk, exactly? I've always
wondered why those messages even exist.
Greg
More information about the PLUG
mailing list