Re: secure without the https???

From: Chiron Paixos (CHZVALVGPSOP@spammotel.com)
Date: 04/05/03

• Next message: Simon: "Re: secure without the https???"
• Previous message: Robert R Kircher, Jr.: "Re: www.byebyeads.com - spamming"
• In reply to: Simon: "secure without the https???"
• Next in thread: Simon: "Re: secure without the https???"
• Reply: Simon: "Re: secure without the https???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Chiron Paixos <CHZVALVGPSOP@spammotel.com>
Date: Sat, 05 Apr 2003 18:25:02 +0200

On Sat, 5 Apr 2003 15:15:00 +0000 (UTC), Simon wrote:

>Hi.
>
>Was confused by a site which proposed to offer secure credit card
>transactions.
>
>The page containing the form does not begin https (it merely displayed the
>company's main address beginning http) and the padlock icon (using IE6) does
>not appear - however, when I clicked on the link to retrieve the form page
>the browser showed that I was accessing a secure location (https and padlock
>icon) and this was again displayed when I clicked on the SEND button of the
>form.
>
>So, is this secure or not? In my experience the page I was entering my
>details on always displayed the secure features.
>
>Anyone help me out on this.

The appearance (or not appearing) of the padlocks depends on a very
simple reason. If the whole page is retrieve via SSL (https:// - .URL)
you will see the symbol permanently. If a site uses frames and the
outer frame is retrieved via normal (unsecure) http:// -URLs and the
inner frame via SSL you will see nothing (or just the
appearing/disappearing padlock) like you described it.

You can always check via right-clicking inside of the interesting area
of the page and selecting properties whether SSL/TLS is used or not.

HTH,
Chiron

---

• Next message: Simon: "Re: secure without the https???"
• Previous message: Robert R Kircher, Jr.: "Re: www.byebyeads.com - spamming"
• In reply to: Simon: "secure without the https???"
• Next in thread: Simon: "Re: secure without the https???"
• Reply: Simon: "Re: secure without the https???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Eastleigh 100 online ticketing ... required, http did not change to https, and the padlock did not appear on my ... The payment details that you enter after clicking "Secure check out" are ... This frame is https, so stuff you enter on that page should be secure. ... (uk.railway) Re: Secure web page? ... If the web adress start https I understand it should be secure, ... display the padlock, ... You can somehow verify that the certificate tells the truth. ... (alt.computer.security) Re: Any tools to check any web site is secured or not? ... If the page URL doesn't begin with HTTPS, it's not a Secure webpage. ... The website itself was only registered in early March 2010. ... (microsoft.public.windowsxp.general) Re: Eastleigh 100 online ticketing ... This frame is https, so stuff you enter on that page should be secure. ... The padlock tells you nothing about whether the form submission is ... (uk.railway) Re: Is this REALLY a secure site? ... >> How can anyone really know if an SSL or HTTPS connection is truly ... Even if it is theoretically secure ... major credit card company wound up making the authorization against my ... > site uses a numerical IP address: those are always bogus. ... (microsoft.public.windowsxp.general)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > alt.computer.security  > 2003-04