[Web4lib] This page contains both secure and nonsecure items

Jonathan Gorman jtgorman at uiuc.edu
Sat Sep 22 10:16:33 EDT 2007



I can't quite figure it out from your message, but are the sites you're talking about under your own control or are you talking about just suppressing that message?

The images won't be encrypted, which probably isn't a big deal.  I'd be more nervous about the fact that probably indicates those images are on another server.  If they are on one you don't control, someone could always replace the image.   Someone could probably also do a "man-in-the-middle" attack with the unencrypted images, but that would be more difficult.

I'm not a security expert though, so don't take me as the final word. ;) 

Jon Gorman


---- Original message ----
>Date: Sat, 22 Sep 2007 09:33:38 -0400
>From: "Robert Sullivan" <robert.g.sullivan at gmail.com>  
>Subject: [Web4lib] This page contains both secure and nonsecure items  
>To: web4lib <web4lib at webjunction.org>
>
>We'vr run into some sites which pop up a message:
>
>"This page contains both secure and nonsecure items"
>
>I understand that this can happen by displaying a graphic which comes
>from a nonsecure site - this is now happening with Google Mail - and I
>know how to turn it off.
>
>My question is, is turning it off a good idea, or is there a real
>security problem here?  We haven't run into it much, but since I am
>making some configuration changes this would be a good time to do it.
>
>-- 
>Bob Sullivan
>Schenectady Digital History Archive
><http://www.schenectadyhistory.org/>
>Schenectady County (NY) Public Library
>_______________________________________________
>Web4lib mailing list
>Web4lib at webjunction.org
>http://lists.webjunction.org/web4lib/


More information about the Web4lib mailing list