Articles

Non secure items

August 9, 2005 at 18:27:37
Specs: XP, 64

Hi,

I have a question about a warning that I sometimes get when using Internet Explorer 6.0. Sometimes when I am about to login to a secure site (such as online banking) or I am actually logged in and try to complete a transaction, a warning box pops up with "This page contains both secure and non secure items. Do you wish to display the non secure items?" What does this mean? What would the non secure items be on a secure page? Any help would be greatly appreciated. Thank you.

browser


See More: Non secure items

Report •


#1
August 10, 2005 at 08:09:15

Well, secure and unsecure are used to define the protection level of the data you are entering in the form.

Secure usually means it uses some form of encryption. So, when you submit your data or personal information, it is encrypted, making it unreadable to someone trying to read it. A good way to check if the site is secure, look for a padlock icon in the bottom right of the page. Also, look for the web address to be

https://www.somesite.com
Rather than
http://www.somesite.com

The https means it is more secure. Here is a link to some info about security.

An unsecure page will simply submit data (personal information) without encrypting it. Thus, anyone can read it.


I am under the impression that the reason a company would do this is money. It is costly to use security features like a https site or pass encrypted data. The company probably is encrypting your important personal information and is not encrypting the information that is not as important.

Here is a link that may help:

http://blogs.msdn.com/ie/archive/2005/4/20.aspx


Also, here is a quote from this site:

Some HTTPS pages pull in assorted resources over HTTP, which leads to the annoying "This page contains both secure and nonsecure items" prompt. Why does this hassle exist? Is it really so bad if some files get pulled down via HTTP, if the main body of my page is delivered via HTTPS?

The answer is, of course, yes, this is a bad thing. For one thing, it's impossible for the user to tell what parts of the page were delivered securely, and what parts were not. And worse, if a man-in-the-middle can rewrite the HTTP traffic, he can, for instance, rewrite the HTTPS page using standard DHTML. Or, he can scan the page for any information of interest (e.g. a credit card number) and POST that data to a server he controls. Using HTTP-delivered resources on a HTTPS-delivered page pokes holes in your secure channel. Don't do it.


-------------


I disagree though, you can still submit data, just be more leary about the information you readily hand out. Dont send a credit card number over an unsecure site.
Hope this helps. :)


Report •
Related Solutions


Ask Question