Re: [users@httpd] Firefox - 'partially encrypted' SSL


 



On 03.08.06 11:37, Declerck Michael-W30479 wrote:
> However, I still have a bunch of images src'ed with http:// from the
> intranet standards web server (which does not support SSL).
> So IE asks the client, "There are both secure and non-secure items on
> this page. Do you want to display the non-secure items?", and when "No"
> is clicked, all the images are broken appropriately.
> 
> What would the advantage be of downloading all the http:// src'ed images
> on to my server besides not having that pop-up in IE?
> Can images be hacked to do malicious things? 

actually, there already were some overflows in image handling code that led
to spurious code execution.

> In other words, what sort of security am I compromising by src'ing the
> images off an unencrypted server?

you can track which images the user accessed and thus guess what the user
did.
-- 
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
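
An added example, not part of the original thread: a small Python check that lists every subresource an HTTPS page would fetch over plain http://, which is what triggers the browser warning discussed above. The page URL, host names and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attributes that make the browser fetch a subresource.
FETCH_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "link": ("href",), "video": ("src", "poster"), "audio": ("src",),
    "source": ("src",), "embed": ("src",), "object": ("data",),
}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base = page_url      # changes if the page carries <base href>
        self.findings = []        # (line, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            self.base = urljoin(self.page_url, attrs["href"])
            return
        for name in FETCH_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if not value:
                continue
            # Resolve relative and protocol-relative URLs as a browser would.
            url = urljoin(self.base, value.strip())
            if urlsplit(url).scheme == "http":
                self.findings.append((self.getpos()[0], tag, url))

def find_mixed_content(page_url, html):
    """Return subresources an https:// page would load over plain HTTP."""
    if urlsplit(page_url).scheme != "https":
        return []                 # not a secure page, nothing is "mixed"
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: one image comes from an HTTP-only intranet host.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/site.css">
</head><body>
<img src="http://standards.intranet.example/logo.gif">
<img src="/local/banner.png">
<img src="//cdn.example/x.png">
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content("https://app.example/", SAMPLE):
        print(f"line {line}: <{tag}> loads {url}")
```

Each URL it reports is requested in the clear, so anyone on the network path can see which image was fetched or replace the bytes the browser's image decoder receives.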
