On Friday 17 August 2007, Hill, Greg wrote: [snip]
> That redirected me to an https site, with images and javascript on > regular http. How is that a security risk, exactly? I've always > wondered why those messages even exist. It's a security risk because the urls themselves could contain sensitive data obtained from the https connection of the page itself. <img src="http://mysite/getimage_via_secret_key?key=my_secret";> /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
