SSL and non-secure items

[is_maximum <mn...@gmail.com>]

Hi experts,

I have a web application configured to be secured by ssl, the problem is at
some pages the browser displays a dialog box as a warning that says, this
page contains both secure and non-secure items do you want to display
non-secure items? and the user has two options yes and no.

actually, this page is a table like a grid contains information, and it is
paged so user can navigate between pages and for each page this message is
displaying.

my questions are, 
1- why this message appears?
2- how can I find which items are non-secure?
3- how to prevent this message to be displayed programatically?

thank you very much
-- 
View this message in context: http://www.nabble.com/SSL-and-non-secure-items-tf4340400.html#a12363998
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: SSL and non-secure items

[Paul Singleton <pa...@jbgb.com>]

is_maximum wrote:
> Hi experts,
> 
> I have a web application configured to be secured by ssl, the problem is at
> some pages the browser displays a dialog box as a warning that says, this
> page contains both secure and non-secure items do you want to display
> non-secure items? and the user has two options yes and no.
> 
> actually, this page is a table like a grid contains information, and it is
> paged so user can navigate between pages and for each page this message is
> displaying.
> 
> my questions are, 
> 1- why this message appears?

Because the browser you're using is Internet Explorer 6?

> 2- how can I find which items are non-secure?

1) just say "no" and notice which items don't appear

2) use the "View / Source" feature and look for http:// urls

> 3- how to prevent this message to be displayed programatically?
> 
> thank you very much

Paul S.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: SSL and non-secure items

[Jérôme Etévé <je...@eteve.net>]

Hi !

 To avoid having that message (which can make your users insecure),
all the resources you use in your page must be served by the securized
server. This includes css, javascript, images , etc.

Go through your code and you might find some resources which uses full
unsecure http:// urls.

I don't know if one can avoid this message programmatically, but as
soon as it's a security feature, I doubt it.

Jerome.

On 8/28/07, is_maximum <mn...@gmail.com> wrote:
>
> Hi experts,
>
> I have a web application configured to be secured by ssl, the problem is at
> some pages the browser displays a dialog box as a warning that says, this
> page contains both secure and non-secure items do you want to display
> non-secure items? and the user has two options yes and no.
>
> actually, this page is a table like a grid contains information, and it is
> paged so user can navigate between pages and for each page this message is
> displaying.
>
> my questions are,
> 1- why this message appears?
> 2- how can I find which items are non-secure?
> 3- how to prevent this message to be displayed programatically?
>
> thank you very much
> --
> View this message in context: http://www.nabble.com/SSL-and-non-secure-items-tf4340400.html#a12363998
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


-- 
Jerome Eteve.
jerome@eteve.net
http://jerome.eteve.free.fr/

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org