Okay, so what are the ramifications of getting a JS file via an HTTPS call while on a HTTP page. I assume it would just be a little bit of extra overhead. Would there be any warnings about this call from any certain browser? Don't ask why. It's just hypothetical. ...
Hi, I have a wordpress blog and I need to make one of the pages secure. I have been told to make the link to that page point to https://claimpage.html as opposed to http://claimpage.html. The problem is I don't actually create the menu that links the user to the individual pages. This is done automatically by the code in the backgrou...
I have already have this code to force these URLs to HTTPS: RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} ^/my/?.*$ RewriteCond %{REQUEST_URI} !^/my/basket/add?.*$ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} ^/login/?.*$ RewriteCond %{REQUEST_URI} ^/logout/?.*$...
Hey just a quick question for any experts out there. I have a site that lets users interact through messages and to sign up you just make a username and password, verify your age, and optionally, add an email. There isn't really any sensitive information I suppose. Is it worth using https. Will it prevent session hi jacking and will it h...
I'm designing an RESTful API where some calls are public over HTTP, and some require an API key and encryption over HTTPS. I'm deliberating on what response code should be sent if an HTTP request is sent to one of the private resources. So far the only one that jumps out at me is 412 - Precondition Failed, but the standard indicates th...
Hi all, I am trying to understand Http/Https a little better and possibly what headers I'm sending clients. Does the client have to re-fetch the same file under Https when it has already been fetched under Http, or do I need to send special headers? Well, the reason the file is served over http/https is that it is simply a banner. Wh...
I have made a silverlight application and I have hosted it on my localhost IIS. and the URL of this application is http://localhost/default.aspx I have developed and other xml-rpc server which is also running on same machine and its address is https://localhost:8000, I am having problem in calling the remote functions from the url https:...
Hello! I'm new here and I have a strange problem which needs to be solved. Previously I searched in the whole forum and I've read all of related questions but I didn't find solution to my question. We have two servers and a firewall computer. On the Server#1 there is an Apache 2.2 web server and it forwards the incoming traffic to the a...
I'm using ASP.NET MVC 2 and have a login page that is secured via HTTPS. To ensure that the user always accesses those pages via SSL, I've added the attribute [RequireHttps] to the controller. This does the job perfectly. When they have successfully logged in, I'd like to redirect them back to HTTP version. However, there isn't a [Requi...
I'm not sure if this is a bug or if I'm just doing something wrong. If I were to do an HTTP connection like this: import httplib http_connection = httplib.HTTPConnection("192.168.192.196") http_connection.request("GET", "/") http_connection.sock.settimeout(20) response = http_connection.getresponse() data = response.read() http_connec...
I'm very new to HTTPS/SSL so excuse my lack of knowledge. Right now I'm trying to setup a simple Java client in which it connects to a web server through HTTPS. I've seen some example code online but can't seem to really make sense of it. Also I was wondering if there is a difference between setting it up on a Windows machine compared to...
I want to let users create "apps" (like Facebook apps) for my website, and I'm trying to figure out the best way to make it secure. I have a REST api i want to run the user apps in an iframe on my own site (not a safe markup language like FBML) I was first looking at oAuth but this seems overkill for my solution. The "apps" don't ne...
Hello colleagues. I've created wcf service and want use http and https version. Service is hosted by IIS 6.0. At my config I have: <bindings> <basicHttpBinding> <binding name="BindingConfiguration1" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"> <readerQuotas maxDepth="2147483647" maxStringContentLeng...
I have implemented a straightforward OpenID support for my ASP.NET app with DotNetOpenAuth. Yet I recently realized that the implementation was treating http://johndoe.example.com/ as a distinct user compared to https://johndoe.example.com. This lead to quite a few confused users. I am unsure what to do at this point. Is this a bug or a...
Hi all, I dont want that my webpage show security information about this page contains both secure and nonsecure... this only happen in ie6, i am testing with the program ietester. I know that the problem is in file mootools-1.11-uncompressed.js in this line if(!$("ie_ready")){var C=(window.location.protocol=="https:")?"://0":"javascr...
I'm adding a facebook comment widget to a website. I'm placing this widget in a file that is included on everypage. The navigation is relatively linked so it switches back and forth from http and https. But for some reason the comment widget only shows up if both the src linked file and webpage is secure or both the src linked file an...
We have a site that runs on HTTPS and needs to pull in various JS assets to run a video player on the page. We get a browser security warning on this page because the JS files we are externally calling are being accessed via HTTP, not HTTPS. E.g. // HTTP reference on a HTTPS site <script src="http://the-cdn.tld/player.js"></script...
Hi, I'm connecting to an ASP.NET web service from a personal blackberry device (No IT policy). The connection is over HTTPS, so the user needs to explicitly trust this certificate and add it to their keystore to proceed. Since the app is targeted towards a (mostly) non technical user base, I don't think this is a good idea. Is it possi...
Hello, Basically started with Squid and iptables today (google is your friend). This stuff is going to be the death of me. I have Squid3 setup on Ubuntu 9.04 server as Transparent Proxy. It works sweetly when i use the proxy-box as my default gateway etc. The iptable rules for this setup was part of the tutorial. :P I can unfortunatel...
If I have a web page served from https://mydumbwebsite.com, and it has an iframe in it that serves from https://subdomain.mydumbwebsite.com, should I expect a significant number of browsers (like >1% of the current browsers in use) to show a security warning? Please don't guess at this. I would like an answer based on real-world experi...