What's a secure connection, what could be un-secure content, and should I care?

  • 2 Replies

0 Members and 1 Guest are viewing this topic.



  • Guest
Frequently, a webpage will cause this security popup to appear?

Security Warning
Do you want to view only the webpage content that was delivered securely?
This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.

So, how could a secure connection deliver un-secured content, how could compromise the security of the entire webpage, and why should I care?

This is like saying that some financial security service is delivering totally unknown stuff to banks along with the regular bags of paper money, rolls of coins, etc.  It doesn't make sense to me.


Offline LeeE

  • Neilep Level Member
  • ******
  • 3382
    • View Profile
    • Spatial
HTTPS is an encrypted version of the ordinary HTTP protocol.  What this means is that the data that passes between the server and your browser is encrypted, so that if someone tries to eavesdrop in the middle i.e. listen in to the data going back and forth, they won't be able to read it.

A web page delivered via HTTPS can also include links to, or incorporate data from other places, as well as send any data you enter, to other places as well as the web site you're viewing, but if those other places don't support HTTPS connections or a new HTTPS connection to the other site is not established, then the data is transferred 'in the clear', meaning that the man-in-the-middle listening to the data going back and forth can read it.

In general, it doesn't make much sense to incorporate non-HTTPS links in HTTPS delivered content, but then there's an awful lot of incompetence on the web so there may not be nefarious intentions behind it.  As long as you don't send any data over the non-secure link it'll only mean that the man-in-the-middle type snooping can only see what you're looking at.
...And its claws are as big as cups, and for some reason it's got a tremendous fear of stamps! And Mrs Doyle was telling me it's got magnets on its tail, so if you're made out of metal it can attach itself to you! And instead of a mouth it's got four arses!


Offline techmind

  • Hero Member
  • *****
  • 934
  • Un-obfuscated
    • View Profile
    • techmind.org
A secure connection (e.g. https protocol) is fully encrypted. The encryption not only prevents a 'man in the middle' from observing the data flow, it also prevents such an interstitial party from surruptitiously modifying the data (e.g. webpage) as it is delivered.

If you connect via wired broadband, then in reality it's probably fairly unlikely anyone will maliciously meddle with your data. If you connect to the net via a poorly-secured wireless router, or via public WiFi (or via a public wired network eg in a hotel room) then it is technically fairly easy for anyone else on the network to watch your traffic (although you might still think it fairly unlikely).
Using a secured channel prevents any such person from seeing or meddling with your communications.

The 'mixed content' warnings crop up occasionally as described by an earlier poster. While there's theoretical risk (and as the user of the site, you can't see which bits are secure and which aren't - nor how they might interact), in the vast majority of cases this warning results from bad programming of the website rather than anything to be unduely concerned about.
"It has been said that the primary function of schools is to impart enough facts to make children stop asking questions. Some, with whom the schools do not succeed, become scientists." - Schmidt-Nielsen "Memoirs of a curious scientist"