RE: Annoying: You are about to leave secure internet connection
From: Shawn Farkas [MS] (shawnfa_at_online.microsoft.com)
Date: 02/18/05
- Previous message: Shawn Farkas [MS]: "RE: API to access loaded assembly hash"
- In reply to: SK: "Annoying: You are about to leave secure internet connection"
- Next in thread: Nicole Calinoiu: "Re: Annoying: You are about to leave secure internet connection"
- Reply: Nicole Calinoiu: "Re: Annoying: You are about to leave secure internet connection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 18 Feb 2005 22:22:51 GMT
Think of what would be possible if you could do this:
I create a website that requests that a user create a login. Their user
name and password are entered on an SSL site, but then on the next page I
redirect them to a site that's not accessable via HTTPS. Additionally my
site also programatically disables that dialog box. Now, the user is
entering personal information, thinking that it's safe, when in fact it
isn't.
Granted the above is a pretty strange scenario, but the point is the same.
If you could do this, it would be an enormous security hole in the browser.
-Shawn
http://blogs.msdn.com/shawnfa
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Note:
For the benefit of the community-at-large, all responses to this message
are best directed to the newsgroup/thread from which they originated.
--------------------
> Thread-Topic: Annoying: You are about to leave secure internet connection
> thread-index: AcUSycYByXo77lB9SkKyK5ZGvf6bTw==
> X-WBNR-Posting-Host: 156.77.108.72
> From: "=?Utf-8?B?U0s=?=" <SK@discussions.microsoft.com>
> Subject: Annoying: You are about to leave secure internet connection
> Date: Mon, 14 Feb 2005 11:17:06 -0800
> Lines: 14
> Message-ID: <CC2414DC-E478-4A70-AFDD-AA5823EBC505@microsoft.com>
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="Utf-8"
> Content-Transfer-Encoding: 7bit
> X-Newsreader: Microsoft CDO for Windows 2000
> Content-Class: urn:content-classes:message
> Importance: normal
> Priority: normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> Newsgroups: microsoft.public.dotnet.security
> NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
> Path: TK2MSFTNGXA01.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
> Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.dotnet.security:3733
> X-Tomcat-NG: microsoft.public.dotnet.security
>
> We have our intranet website running on IIS 6.0 using SSL. On our
application
> side, we have some code that goes to the
> \\Servername\DirectoryName\myFile.pdf and grabs the file for the user.
Now
> the problem is with SSL. Everytime some user click on the link, they get
> Internet Explorer security message: You are about to leave the secure
> internet connection. It will be possible for others to view the
information.
>
> Any idea\tips\tricks that we can find a work around on this other than
> requesting users to check the box that says, In future, do not show this
> warning?
>
> Help!!!
>
> SK
>
- Previous message: Shawn Farkas [MS]: "RE: API to access loaded assembly hash"
- In reply to: SK: "Annoying: You are about to leave secure internet connection"
- Next in thread: Nicole Calinoiu: "Re: Annoying: You are about to leave secure internet connection"
- Reply: Nicole Calinoiu: "Re: Annoying: You are about to leave secure internet connection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
