Re: secure without the https???

From: Chiron Paixos (CHZVALVGPSOP@spammotel.com)
Date: 04/05/03


From: Chiron Paixos <CHZVALVGPSOP@spammotel.com>
Date: Sat, 05 Apr 2003 18:25:02 +0200

On Sat, 5 Apr 2003 15:15:00 +0000 (UTC), Simon wrote:

>Hi.
>
>Was confused by a site which proposed to offer secure credit card
>transactions.
>
>The page containing the form does not begin https (it merely displayed the
>company's main address beginning http) and the padlock icon (using IE6) does
>not appear - however, when I clicked on the link to retrieve the form page
>the browser showed that I was accessing a secure location (https and padlock
>icon) and this was again displayed when I clicked on the SEND button of the
>form.
>
>So, is this secure or not? In my experience the page I was entering my
>details on always displayed the secure features.
>
>Anyone help me out on this.

The appearance (or not appearing) of the padlocks depends on a very
simple reason. If the whole page is retrieve via SSL (https:// - .URL)
you will see the symbol permanently. If a site uses frames and the
outer frame is retrieved via normal (unsecure) http:// -URLs and the
inner frame via SSL you will see nothing (or just the
appearing/disappearing padlock) like you described it.

You can always check via right-clicking inside of the interesting area
of the page and selecting properties whether SSL/TLS is used or not.

HTH,
Chiron