If all items on the page are not secure then the page is NOT secure. Unless you have disabled the message you will see
"all items on the page are not secure - do you still want to display the page?" in a pop-up - then you must click ok to
continue (that's in the ubiquitous IE 5+). Other browsers do variations of this behavior. Remember, every img tag and
script tag (using the src attribute) and every <object/embed> tag and every <link> tag with the src attribute generate
separate http requests - so even if your initial "host page" request is secure, can you really consider the page secure
if not all the items on the page are secure? Ergo, IE will only show the padlock if everything is secure on the page.
check out this example.
with an embedded "unsecure" image:
https://www.neirelo.com/testSecure.cfm
without the image:
https://www.neirelo.com/testSecure.cfm?showImage=false
I hope this helps you.
Mark A. Kruger, MCSE, CFG
www.cfwebtools.com
www.necfug.com
http://blog.mxconsulting.com
...what the web can be!
-----Original Message-----
From: Reed Powell [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 14, 2004 3:00 PM
To: CF-Talk
Subject: HTTPS: what factors disable it?
Once again I'm in slightly new territory. Never had to worry about https in
the past, everything was inside of the corporate network and no one really
cared. Now I'm in the real world and...
I have a site with a secure area that works fine when I test with a simple
HTML file - in other words, the page renders and the IE padlock appears.
But when I put up my CF page, the page still renders fine, but the padlock
is not there. What sorts of things could I be doing that would cause this?
It has a bunch of HREFs and IMG SRC references to another website on another
server. Could that be the problem? I've tried some simple test pages with
external references, and they still have the padlock. The references to the
external site are via http: and not https:
I'm missing something here - any ideas? Are there some things that are not
permitted on a page accessed as https? I've checked a number of online
https tutorials and haven't seen anything.
Thanks,
-reed
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
