Encrypted pages with unencrypted content

Hill, Greg grhill at corp.untd.com
Fri Aug 17 11:05:43 MDT 2007


> Can you give me a list of any pages that serve up both encrypted and
> unencrypted content?  I'm doing a little work on analyzing BYU's poor
> security for its website, and I want to know how prevalent this
practice
> is.

If you're referring to the IE "error" message, it simply means you have
an image or other file embedded in the page that isn't on https.

> For an example of what I'm thinking of, try: http://ry.byu.edu/


That redirected me to an https site, with images and javascript on
regular http.  How is that a security risk, exactly?  I've always
wondered why those messages even exist.

Greg




More information about the PLUG mailing list