Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

  • Oops, something didn't work.

    Getting "follow" information
    Start following this thread
    Removing your "follow"
    Setting up your "follow"
  • BugslayerBugslayer

    Since IE uses the protocol designation (https://) in the address line to drive the display of the lock symbol in the status bar, I have longed for IE 7 to display the status bar if the cursor is in a text box that will post securely.  Furthermore, why not provide thestatus bar lock and a balloon on hovering over a form region (or the submit button for a form) that will post securely.  Why not provide a visual overlay on submit buttons indicating security?  The balloon could contain details from the cert used to secure the post.  IE should provide a definitive indicator to the user for secure posts -- indicating the target domain for the post and the domain of the cert (in case they don't match)

    end of brainstorm... please, just fix it for everyone!


     

  • Sven GrootSven Groot Don't worry... I'm a doctor.

    ScanIAm wrote:
    Interesting, though, that there is an ING label at the bottom right of your link.  I thought ING was a european bank, turns out the ING direct is the US Online version.

    Postbank is part of the ING Group, which is one of the world's largest financial services companies, and also a Dutch company. Smiley

  • AndyCAndyC

    Bugslayer wrote:
    Since IE uses the protocol designation (https://) in the address line to drive the display of the lock symbol in the status bar, I have longed for IE 7 to display the status bar if the cursor is in a text box that will post securely.  Furthermore, why not provide thestatus bar lock and a balloon on hovering over a form region (or the submit button for a form) that will post securely.  Why not provide a visual overlay on submit buttons indicating security?  

     


    For one very simple reason: they are not secure

    For a webpage to be secure all of it must be secure, mixing insecure content in or using an insecure form means the site is not secure. Simple as that.

  • MauritsMaurits AKA Matthew van Eerde

    AndyC wrote:
    For a webpage to be secure all of it must be secure, mixing insecure content in or using an insecure form means the site is not secure. Simple as that.


    ... well... I don't know about that.  I think there's value in displaying that a form will submit to a secure location.  I even think it's worth a spot in the chrome.

  • AndyCAndyC

    Maurits wrote:
    
    ... well... I don't know about that.  I think there's value in displaying that a form will submit to a secure location.  I even think it's worth a spot in the chrome.


    And how do you know that it will submit to a secure location? How can you be sure that some crafty mouse down event won't change what happens at the last moment? How do you know that it's the right secure location? Something is only as secure as its weakest point. If that weak point is completely insecure then you have no security, as is the case here.

    Remember, the only thing SSL guarantees is protection from man-in-the-middle attacks. If you introduce insecure content into the site then you reintroduce a method for a MitM attack once more.

  • Thread Closed

    This thread is kinda stale and has been closed but if you'd like to continue the conversation, please create a new thread in our Forums,
    or Contact Us and let us know.