tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konstantin Kolinko" <>
Subject Re: How to use https together with http
Date Fri, 01 Feb 2008 14:25:28 GMT
You cannot and must not show that your page is secure, because it is not.

The problem is that your page is vulnerable to a man-in-the-middle
attack: there is no guarantee that the text of your web page or of the
javascript files that it is using was not altered by someone while it
was transmitted from the server to your client.

E.g. someone may implement a script that submits the copy of sensitive
data to some other server, before submitting it through https to your

The only way to claim that your page is secure is to serve it through https.

2008/2/1, Dave <>:
>   if a form may contain personal data, it should be summitted using https. Also we need
to let user know it is secure by showing a lock and https://.... in browser address bar.
>   sometimes The IE browser shows a warning: the page contains both secure and nonsecure
data.  what is the meaning? how to avoid the warning?

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message