- From: Ingo Chao <i4chao@googlemail.com>
- Date: Sat, 13 Nov 2010 23:37:58 +0100
2010/11/13 timeless <timeless at gmail.com>: > On Sat, Nov 13, 2010 at 2:52 PM, Ingo Chao <i4chao at googlemail.com> wrote: >> The mashup combines components, some of them are not under my control. >> The advertisement service provides 3rd party ads, they will change >> often. > >> Including the ad service means that I never know if and when >> someone throws in http content into the mix. > > You need a better contract with your advertiser. You need to demand > that they don't provide non https content. > > Besides, no advertiser in their right mind wouldn't want to know that > you only want https content. Each time your users load a page and the > advertiser fails to load an ad, the advertiser loses money. > Good contracts with the component's providers of a mashup are neccessary, but not sufficient to resolve the mixed https/http issue in reality. Another ingredient for a secure mashup would be the event I am proposing, to alert the mashup's owner that something was going wrong, by mistake. That a component was loaded insecure. Thanks, Ingo
Received on Saturday, 13 November 2010 14:37:58 UTC