Secure Websites

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

ratewhore replied

6 May 2007, 15:10
Yes it is true. View the frame source to see the details...
Leave a comment:
2uk replied

6 May 2007, 13:32
Originally posted by chicane

Quit being pedantic. From a web developer point of view, the get or post variables submitted by the client browser are sent to a script for processing, which equates to a page from the browser's point of view. The server just acts as a communication mechanism between the client browser and the script and is not particularly relevant within the scope of this discussion.

So there.

I see. Good explanation. But is it true that although a browser's address shows http ( not https) it can still have second https connection to ( either the same or different URL ). For example if certain frame on the page is sourced by this other URL.

I know this is not a good practice , I am just curious.
Leave a comment:
chicane replied

6 May 2007, 10:54
Originally posted by 2uk

" The page to which information is sent" ? I thought http is sent to web servers.

Quit being pedantic. From a web developer point of view, the get or post variables submitted by the client browser are sent to a script for processing, which equates to a page from the browser's point of view. The server just acts as a communication mechanism between the client browser and the script and is not particularly relevant within the scope of this discussion.

So there.
Leave a comment:
weboo replied

4 May 2007, 18:10
Always be wary if your connection to a particular site is https:// . Anything else can be intercepted very easily. Especially those that are needing personal and financial data entered. If you get a popup and you do not see the URL, press F11 and get the address in IE.

Web infrastructures can be very complex, and your connections (client to web server) need to be secure. Behind the https site's exterior(firewall) it may well be http(web to app or db)...but will be a lot more secure and non intercepted if the security is right.

Firefox warns you of this and is pretty secure...Ie depending on version can be a problem
Leave a comment:
2uk replied

3 May 2007, 21:50
Originally posted by chicane

In order for a transaction to be secure, both the page containing the form and the page to which this information is transmitted must be on https. Anything else and your information is at risk.

" The page to which information is sent" ? I thought http is sent to web servers.
Leave a comment:
chicane replied

3 May 2007, 07:33
In order for a transaction to be secure, both the page containing the form and the page to which this information is transmitted must be on https. Anything else and your information is at risk.
Leave a comment:
2uk replied

2 May 2007, 20:06
Originally posted by Gonzo

I have a question that I am sure that many of you can answer for me because I am not at all a techie.

When sending my personal and payment details over the web I usually check that the page that I am inputting the details to is already an "https" site and I see the padlock (using IE).

But if I find myself inputting the details into an http site, even though it sends the details to an https site, am I right in thinking that it is not actually secure because the details have to go from the current site, through who knows how many computers, before they get to the secure site?

Thanks

I am wary about sites missing https. Some pages though will show http , but have a second https coonnection to the web site. ( a certain frame of the web page uses different connection). This means if it says http , it is not necessarily not secure. Best practice: Use only reputable sites , or call and ask before or use netstat to verify there is a secure connection.
Leave a comment:
Cowboy Bob replied

2 May 2007, 19:33
Originally posted by Gonzo

But if I find myself inputting the details into an http site, even though it sends the details to an https site, am I right in thinking that it is not actually secure because the details have to go from the current site, through who knows how many computers, before they get to the secure site?

Yes, but if you were really worried about this stuff you'd also have stopped using IE by now.
Leave a comment:
Gonzo started a topic Secure Websites

2 May 2007, 18:32
Secure Websites

I have a question that I am sure that many of you can answer for me because I am not at all a techie.

When sending my personal and payment details over the web I usually check that the page that I am inputting the details to is already an "https" site and I see the padlock (using IE).

But if I find myself inputting the details into an http site, even though it sends the details to an https site, am I right in thinking that it is not actually secure because the details have to go from the current site, through who knows how many computers, before they get to the secure site?

Thanks
Tags: None