gaurav bhandari said: > thanks thaths (how are we supposed to pronounce > thaths?)
It is pronounced the same as in 'Thathachari'. > basically what i need to know is how is this possible > isnt the browser supposed to give a certificate > invalid alert The browser alerts you when a https site it is going to presents a certificate not signed by a "trusted" [1] Certifying Authority (such as Verisign or Thwarte) or when the name in the certificate does not match the name of the server. When a insecure site includes a secure site in a frame, the browser is not aware of the the framing. As far as the browser can tell, the secure site is loading in a seperate window. And since the certificate presented by the secure site passes all tests, there is no need to alert the user. The reason why you did not see the lock icon closing to indicate that the transaction was secure is that the browser indicates the secure status of the parent which contains the frames and not each individual frame. Thaths [1] I.e. the CAs that have the money to pay the maker of the browser enough money to include them as a trusted CA. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek PC Mods, Computing goodies, cases & more http://thinkgeek.com/sf _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
