Naked Science Forum
Non Life Sciences => Geek Speak => Topic started by: DiscoverDave on 06/01/2010 17:35:38
-
Frequently, a webpage will cause this security popup to appear?
Security Warning
Do you want to view only the webpage content that was delivered securely?
This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.
So, how could a secure connection deliver un-secured content, how could compromise the security of the entire webpage, and why should I care?
This is like saying that some financial security service is delivering totally unknown stuff to banks along with the regular bags of paper money, rolls of coins, etc. It doesn't make sense to me.
-
HTTPS is an encrypted version of the ordinary HTTP protocol. What this means is that the data that passes between the server and your browser is encrypted, so that if someone tries to eavesdrop in the middle i.e. listen in to the data going back and forth, they won't be able to read it.
A web page delivered via HTTPS can also include links to, or incorporate data from other places, as well as send any data you enter, to other places as well as the web site you're viewing, but if those other places don't support HTTPS connections or a new HTTPS connection to the other site is not established, then the data is transferred 'in the clear', meaning that the man-in-the-middle listening to the data going back and forth can read it.
In general, it doesn't make much sense to incorporate non-HTTPS links in HTTPS delivered content, but then there's an awful lot of incompetence on the web so there may not be nefarious intentions behind it. As long as you don't send any data over the non-secure link it'll only mean that the man-in-the-middle type snooping can only see what you're looking at.
-
A secure connection (e.g. https protocol) is fully encrypted. The encryption not only prevents a 'man in the middle' from observing the data flow, it also prevents such an interstitial party from surruptitiously modifying the data (e.g. webpage) as it is delivered.
If you connect via wired broadband, then in reality it's probably fairly unlikely anyone will maliciously meddle with your data. If you connect to the net via a poorly-secured wireless router, or via public WiFi (or via a public wired network eg in a hotel room) then it is technically fairly easy for anyone else on the network to watch your traffic (although you might still think it fairly unlikely).
Using a secured channel prevents any such person from seeing or meddling with your communications.
The 'mixed content' warnings crop up occasionally as described by an earlier poster. While there's theoretical risk (and as the user of the site, you can't see which bits are secure and which aren't - nor how they might interact), in the vast majority of cases this warning results from bad programming of the website rather than anything to be unduely concerned about.