
Re: Summary of "What is a secure page?" discussion, first draft

From: Yngve N. Pettersen (Developer Opera Software ASA) <yngve@opera.com>
Date: Wed, 25 Apr 2007 00:09:30 +0200
To: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
Message-ID: <op.tra6h417qrq7tp@nimisha.oslo.opera.com>

On Tue, 24 Apr 2007 20:03:49 +0200, Yngve N. Pettersen (Developer Opera  
Software ASA) <yngve@opera.com> wrote:

> Hello all,
> Here is my first draft of the summary of the earlier discussion of what  
> a secure page is (or should be).
> Comments, suggestions?
> ----------------------

Since everybody loves an example (I hope), here is one that just showed up  
in our bug report system:

   <URL: https://www.agito.pl/?switch=login&cmd=options >

This page gets "No padlock" from Opera.

All elements on the page have an https:// URL, so why does it not get a  

The problem turns out to be a 1-by-1 pixel webbug with the URL

  <URL: https://www.agito.pl/index.php?switch=count&amp;pid >

This URL is redirected to

  <URL: http://www.agito.pl/index.php?switch=count&amp;pid >

In other words, it is mixing secure and unsecure content.

I have seen this with larger images (that contained stock exchange  
graphs), as well as an external JavaScript (on a  
please-fill-in-your-credit-card-details page).

Yngve N. Pettersen
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
Received on Tuesday, 24 April 2007 22:09:47 UTC
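
The failure described in the message above, as an added example that is not part of the original post: a check that follows each subresource's redirect chain and reports any hop that leaves HTTPS, which is what turns an all-`https://` page into mixed content. The hosts, the redirect table and the function names are constructed for illustration; a real audit would fill the table from observed 3xx `Location` headers.

```python
from urllib.parse import urljoin, urlsplit

# Constructed redirect table standing in for live HTTP responses
# (hypothetical hosts): request URL -> Location header of its 3xx reply.
SAMPLE_REDIRECTS = {
    "https://shop.example/index.php?switch=count": "http://shop.example/index.php?switch=count",
    "https://shop.example/logo": "/static/logo.png",
    "https://shop.example/a": "https://shop.example/b",
    "https://shop.example/b": "https://shop.example/a",
}

def redirect_chain(url, redirects, max_hops=10):
    """Return every URL visited while following redirects from `url`."""
    chain = [url]
    while chain[-1] in redirects and len(chain) <= max_hops:
        # Location may be relative, so resolve it against the current hop.
        nxt = urljoin(chain[-1], redirects[chain[-1]])
        if nxt in chain:  # redirect loop: stop following
            break
        chain.append(nxt)
    return chain

def insecure_hops(url, redirects):
    """Hops in the chain (including the first) that are not HTTPS."""
    return [u for u in redirect_chain(url, redirects)
            if urlsplit(u).scheme.lower() != "https"]

def audit_page(page_url, subresources, redirects):
    """Map each subresource whose chain leaves HTTPS to its insecure hops."""
    findings = {}
    if urlsplit(page_url).scheme.lower() != "https":
        return findings  # mixed content only applies to a secure page
    for res in subresources:
        bad = insecure_hops(urljoin(page_url, res), redirects)
        if bad:
            findings[res] = bad
    return findings

if __name__ == "__main__":
    page = "https://shop.example/?switch=login"
    resources = ["https://shop.example/index.php?switch=count", "/logo",
                 "https://shop.example/a", "http://cdn.example/x.js"]
    for res, hops in audit_page(page, resources, SAMPLE_REDIRECTS).items():
        print(f"{res} -> insecure hop(s): {hops}")
```
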
