Back to the nonsecure items problem
I'm trying to serve a PDF from a Servlet and I'm getting the This page contains both secure and nonsecure items. Do you want to display the nonsecure items prompt from IE. This is a confidential accounting report, so that just won't do! I was hoping that when I put the webapp behind Apache, that the warning would magically go away since Apache would handle encrypting the transmission back to the client browser, but that does not seem to be the case. The Apache HTTP server does have a Thawte certificate. My next idea is to try to install that same certificate on Tomcat. But I don't think that's going to do it entirely. Here's some of the code that writes out the PDF: ByteArrayOutputStream baosPDF = null; ... ServletOutputStream sos; sos = resp.getOutputStream(); baosPDF.writeTo( sos ); Can someone give me a pointer on what would have to change to encrypt the PDF so that the browser will stop complaining about nonsecure items? I can't have the 'nonsecure items' prompt, and I assume I will need a known good certificate-- can I use the same one that we're using on Apache? Or am I headed in a completely wrong direction? We've discussed this here before, and in the meantime I've gotten a handful of inquiries wondering if I solved the problem. As far as I know, it's still an open question. -- Wendy Smoak Application Systems Analyst, Sr. ASU IA Information Resources Management - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Back to the nonsecure items problem
Hi, I've noticed this too when including a Flash application. I noticed that only IE complains. Mozilla doesn't. Is this the same case for you? Oscar On Tue, 3 Feb 2004, Wendy Smoak wrote: I'm trying to serve a PDF from a Servlet and I'm getting the This page contains both secure and nonsecure items. Do you want to display the nonsecure items prompt from IE. This is a confidential accounting report, so that just won't do! I was hoping that when I put the webapp behind Apache, that the warning would magically go away since Apache would handle encrypting the transmission back to the client browser, but that does not seem to be the case. The Apache HTTP server does have a Thawte certificate. My next idea is to try to install that same certificate on Tomcat. But I don't think that's going to do it entirely. Here's some of the code that writes out the PDF: ByteArrayOutputStream baosPDF = null; ... ServletOutputStream sos; sos = resp.getOutputStream(); baosPDF.writeTo( sos ); Can someone give me a pointer on what would have to change to encrypt the PDF so that the browser will stop complaining about nonsecure items? I can't have the 'nonsecure items' prompt, and I assume I will need a known good certificate-- can I use the same one that we're using on Apache? Or am I headed in a completely wrong direction? We've discussed this here before, and in the meantime I've gotten a handful of inquiries wondering if I solved the problem. As far as I know, it's still an open question. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Back to the nonsecure items problem
From: Oscar Carrillo [mailto:[EMAIL PROTECTED] I've noticed this too when including a Flash application. I noticed that only IE complains. Mozilla doesn't. Is this the same case for you? Yes. :( And most of my users are on IE. So... Has anyone pinned down what Tomcat is sending that makes IE upset? I saw a post in the archives where someone thought maybe the text/pdf header was going in clear text? Any thoughts on appropriating the Thawte certificate that Apache is using and installing it on Tomcat, or is that not really the problem? -- Wendy Smoak Application Systems Analyst, Sr. ASU IA Information Resources Management - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Back to the nonsecure items problem
I imagine it might just be a poor implementation in IE. It might be doing something stupid like determining that the inclusion of a mimetype is nonsecure. It doesn't make sense that anything could go through http when accessing via https, without a link in your page that points to somewhere else. To make sure, you could disallow http access to the site completely, and/or block port 80 at your firewall. Otherwise, I'm sure there's a security hole in IE that you could make it think that anything from anywhere is secure. :) Oscar On Tue, 3 Feb 2004, Wendy Smoak wrote: From: Oscar Carrillo [mailto:[EMAIL PROTECTED] I've noticed this too when including a Flash application. I noticed that only IE complains. Mozilla doesn't. Is this the same case for you? Yes. :( And most of my users are on IE. So... Has anyone pinned down what Tomcat is sending that makes IE upset? I saw a post in the archives where someone thought maybe the text/pdf header was going in clear text? Any thoughts on appropriating the Thawte certificate that Apache is using and installing it on Tomcat, or is that not really the problem? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Back to the nonsecure items problem
From: Oscar Carrillo [mailto:[EMAIL PROTECTED] I imagine it might just be a poor implementation in IE. That's what it's sounding like... I've spoken with someone else who found a workaround. If I have this right, IE only gets upset about POSTed requests where the response is non-HTML over HTTPS. The workaround is to redirect the browser and make it GET the PDF (rather than forward the original POSTed response to the PDF Servlet.) So, never mind, I don't think it's a Tomcat problem. -- Wendy Smoak Application Systems Analyst, Sr. ASU IA Information Resources Management - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]