- From: Yngve N. Pettersen (Developer Opera Software ASA) <yngve@opera.com>
- Date: Wed, 25 Apr 2007 00:09:30 +0200
- To: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
On Tue, 24 Apr 2007 20:03:49 +0200, Yngve N. Pettersen (Developer Opera Software ASA) <yngve@opera.com> wrote: > > Hello all, > > Here is my first draft of the summary of the earlier discussion of what > a secure page is (or should be). > > Comments, suggestions? > > ---------------------- Since everybody loves an example (I hope), here is one that just showed up in our bug report system: <URL: https://www.agito.pl/?switch=login&cmd=options > This page gets "No padlock" from Opera. All elements on the page have an https:// URL, so why does it not get a padlock? The problem turns out to be a 1-by-1 pixel webbug with the URL <URL: https://www.agito.pl/index.php?switch=count&pid > This URL is redirected to <URL: http://www.agito.pl/index.php?switch=count&pid > In other words, it is mixing secure and unsecure content. I have seen this with larger images (that contained stock exchange graphs), as well as an external Javascript (on a please-fill-in-your-credit-card-details page). -- Sincerely, Yngve N. Pettersen ******************************************************************** Senior Developer Email: yngve@opera.com Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 ********************************************************************
Received on Tuesday, 24 April 2007 22:09:47 UTC