On 1/10/07, pragmaticObjects <[EMAIL PROTECTED]> wrote: > To the casual users who are trained > to look for those security indicators on the browsers but do not > understand better, they get paranoid.
It's not just casual users. Serving any part of a page out of SSL is insecure. Media not served with SSL could be subject to man-in-the-middle, meaning arbitrary content ends up on your (intended to be) secure. Such a page is no longer secure. > Because of that, how would anyone > expect Django to be used outside of the newspaper/blog/etc > applications. I hope I'm wrong, meaning I hope there's a solution that > I don't know about. If you know the solution, please share. Thanks When you're under SSL, serve your media with SSL as well. How are you currently serving media? /media? media.foo.com? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
