You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by is_maximum <mn...@gmail.com> on 2007/08/28 10:23:59 UTC
SSL and non-secure items
Hi experts,
I have a web application configured to be secured by ssl, the problem is at
some pages the browser displays a dialog box as a warning that says, this
page contains both secure and non-secure items do you want to display
non-secure items? and the user has two options yes and no.
actually, this page is a table like a grid contains information, and it is
paged so user can navigate between pages and for each page this message is
displaying.
my questions are,
1- why this message appears?
2- how can I find which items are non-secure?
3- how to prevent this message to be displayed programatically?
thank you very much
--
View this message in context: http://www.nabble.com/SSL-and-non-secure-items-tf4340400.html#a12363998
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: SSL and non-secure items
Posted by Paul Singleton <pa...@jbgb.com>.
is_maximum wrote:
> Hi experts,
>
> I have a web application configured to be secured by ssl, the problem is at
> some pages the browser displays a dialog box as a warning that says, this
> page contains both secure and non-secure items do you want to display
> non-secure items? and the user has two options yes and no.
>
> actually, this page is a table like a grid contains information, and it is
> paged so user can navigate between pages and for each page this message is
> displaying.
>
> my questions are,
> 1- why this message appears?
Because the browser you're using is Internet Explorer 6?
> 2- how can I find which items are non-secure?
1) just say "no" and notice which items don't appear
2) use the "View / Source" feature and look for http:// urls
> 3- how to prevent this message to be displayed programatically?
>
> thank you very much
Paul S.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: SSL and non-secure items
Posted by Jérôme Etévé <je...@eteve.net>.
Hi !
To avoid having that message (which can make your users insecure),
all the resources you use in your page must be served by the securized
server. This includes css, javascript, images , etc.
Go through your code and you might find some resources which uses full
unsecure http:// urls.
I don't know if one can avoid this message programmatically, but as
soon as it's a security feature, I doubt it.
Jerome.
On 8/28/07, is_maximum <mn...@gmail.com> wrote:
>
> Hi experts,
>
> I have a web application configured to be secured by ssl, the problem is at
> some pages the browser displays a dialog box as a warning that says, this
> page contains both secure and non-secure items do you want to display
> non-secure items? and the user has two options yes and no.
>
> actually, this page is a table like a grid contains information, and it is
> paged so user can navigate between pages and for each page this message is
> displaying.
>
> my questions are,
> 1- why this message appears?
> 2- how can I find which items are non-secure?
> 3- how to prevent this message to be displayed programatically?
>
> thank you very much
> --
> View this message in context: http://www.nabble.com/SSL-and-non-secure-items-tf4340400.html#a12363998
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
Jerome Eteve.
jerome@eteve.net
http://jerome.eteve.free.fr/
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org