Thank you for all the help! I decided to download all my js and css sources on to the website and src them appropriately with the https:// prefix. This deleted the 'partial encryption' in Firefox, and I also get the little lock down in the IE status bar (oh yay!). However, I still have a bunch of images src'ed with http:// from the intranet standards web server (which does not support SSL). So IE asks the client, "There are both secure and non-secure items on this page. Do you want to display the non-secure items?", and when "No" is clicked, all the images are broken appropriately. What would the advantage be of downloading all the http:// src'ed images on to my server besides not having that pop-up in IE? Can images be hacked to do malicious things? In other words, what sort of security am I compromising by src'ing the images off an unencrypted server? Again thank you for your advice, Michael DeClerck ________________________________ From: Graeme Walker [mailto:graeme.walker1@xxxxxxxxx] Sent: Wednesday, August 02, 2006 9:50 AM To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] Firefox - 'partially encrypted' SSL If there are any page resources, other than links to other websites etc then this will cause the page to be partially secured, since these are not https resources i.e. are not using a secure socket. On 8/2/06, Declerck Michael-W30479 <W30479@xxxxxxxxxxxx> wrote: Under 'view page info' then 'links' I have about nine different http:// links, but most of them lead away from my site. One of links is a form submission to an intranet search database (I have to include that because of intranet standards), and the javascript for that searching function is sourced from another site on the intranet. I have a rewrite rule that transfers all http:// requests to https://, but I had all my site links changed anyway. What does the linking have to do with the partially encrypted message? And could external javascript sourcing cause a hole in the SSL encryption? -----Original Message----- From: Richard Collyer [mailto:richard@xxxxxxxxxxxxxx] Sent: Wednesday, August 02, 2006 5:25 AM To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] Firefox - 'partially encrypted' SSL On Wed, August 2, 2006 10:11 am, Vincent Bray wrote: > On 8/1/06, Declerck Michael-W30479 < W30479@xxxxxxxxxxxx> wrote: >> Any advice? >> Does this sound like Firefox brokenness? >> I would assume that it is my configuration that is the problem. > > Is this just a case of having media or frames linked in to your page > via http:// links? Right click --> view page info. Search for the media that is linked by http:// and not https:// Cheers Richard --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL: http://httpd.apache.org/userslist.html <http://httpd.apache.org/userslist.html> > for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx <mailto:users-digest-unsubscribe@xxxxxxxxxxxxxxxx> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|