Is there some security benefit I am not aware of for using https connections within frames and presenting them over http to the user? This site http://webcentral.du.edu does such a thing and I don't understand why. If we spend time training people to look for https and certificate errors, why would they do this?
When you click on "security information" at the bottom it says: *Is this Site Secure?* Yes, webCentral.du.edu <http://webcentral.du.edu/> uses a Security certificate provided by VeriSign. *Where is the little key or lock then?* webCentral uses frames throughout. The login page is actually a frame within a normal http: page. It is still secure, you just can't see the key or lock. Someone please enlighten me.
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
