[thelist] https site in a frame of an http site
kristenannfrey at yahoo.com
Thu Oct 11 18:39:51 2001
Thanks Kevin - BTW, I stuck this in my page:
if (top.location != location)
top.location.href = document.location.href ;
and put in the body tag.
Worked great! Now I just sit back and wait for the
offender to start complaining!
--- "Kevin D. White" <email@example.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> The actual security is not compromised but the user
> has no idea what
> is an is not secure. The little lock icon is
> triggered by the main
> requested page not the stuff inside it. In the case
> of a frameset
> that mixes secure and insecure, the lock never
> lights. Plus, the
> user should get a nasty warning about mixing secure
> and insecure
> content on page.
> You might want to point out to the offending person
> that they are
> providing a nasty and confusing experience to their
> users. You could
> page is being
> loaded in a frameset and blow the entire frameset
> away or pop an
> What that person doesn't realize is they have just
> give you complete
> license to do whatever you want on their site....
> - ----- Original Message -----
> From: "Kristy Frey" <firstname.lastname@example.org>
> > Does anyone know if the security provided by a
> > VeriSign Certificate is compromised when
> > decides that they want to display my secure
> > https://... page in their http://... page that
> > frames. My pages (which are php pages on a
> > site) DO NOT use frames, but "somebody" where i
> > (a large college campus that does not promote
> > for accessibility reasons) decided they would
> my pages within theirs via a frame.
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.1
> -----END PGP SIGNATURE-----
> For unsubscribe and other options, including
> the Tip Harvester and archive of TheList go to:
> http://lists.evolt.org Workers of the Web, evolt !
Do You Yahoo!?
Make a great connection at Yahoo! Personals.