SSL and Frames
-
Hi guys and gals. I currently have a site that is secured with SSL and is viewed through a non secured frame http://blah/main.html loads https://app.blah.com/ and i'm fairly certain everything is secure. What i want to do now is have a https://secure.blah.com/main.html which loads http://newApp.blah.com/ I just have no idea if newApp will be secure or not even though the frame that loaded it is using SSL. I know using https for newApp would work, but we have to host app and newApp at the same time and dont want to buy a ssl cert for the newApp site while we phase out app. There are some other reasons why the boss doesnt want to buy the ssl certs for newApp, but if it wont be secure otherwise we may not have a choice. Our users were complaining bout not having a padlock show up in the browser when they logged in, even though the login and every page past it was using https. Any help or suggestions on how to make this work would be appreciated. John
Please remember to rate helpful or unhelpful answers, it lets us and people reading the forums know if our answers are any good.
-
Hi guys and gals. I currently have a site that is secured with SSL and is viewed through a non secured frame http://blah/main.html loads https://app.blah.com/ and i'm fairly certain everything is secure. What i want to do now is have a https://secure.blah.com/main.html which loads http://newApp.blah.com/ I just have no idea if newApp will be secure or not even though the frame that loaded it is using SSL. I know using https for newApp would work, but we have to host app and newApp at the same time and dont want to buy a ssl cert for the newApp site while we phase out app. There are some other reasons why the boss doesnt want to buy the ssl certs for newApp, but if it wont be secure otherwise we may not have a choice. Our users were complaining bout not having a padlock show up in the browser when they logged in, even though the login and every page past it was using https. Any help or suggestions on how to make this work would be appreciated. John
Please remember to rate helpful or unhelpful answers, it lets us and people reading the forums know if our answers are any good.
Does your company own blah.com? You can get certificates that work on *.blah.com. If you don't use an https URL for newApp all data sent to and from newApp will NOT be secure. A secure frames page is pretty useless. It's like putting a deadbolt on a sliding glass door and removing the glass. The door frame is secure, but nothing that goes through it is secure.
-
Does your company own blah.com? You can get certificates that work on *.blah.com. If you don't use an https URL for newApp all data sent to and from newApp will NOT be secure. A secure frames page is pretty useless. It's like putting a deadbolt on a sliding glass door and removing the glass. The door frame is secure, but nothing that goes through it is secure.
Yeah we own it, like i said the only reason we want the secure frame is to appease the users, and some other people, by having the lock show up in the browser. Does anybody have an article or something that talks about this, i dobut they'll just take my word for it. Thanks for the good answer btw.
Please remember to rate helpful or unhelpful answers, it lets us and people reading the forums know if our answers are any good.
-
Hi guys and gals. I currently have a site that is secured with SSL and is viewed through a non secured frame http://blah/main.html loads https://app.blah.com/ and i'm fairly certain everything is secure. What i want to do now is have a https://secure.blah.com/main.html which loads http://newApp.blah.com/ I just have no idea if newApp will be secure or not even though the frame that loaded it is using SSL. I know using https for newApp would work, but we have to host app and newApp at the same time and dont want to buy a ssl cert for the newApp site while we phase out app. There are some other reasons why the boss doesnt want to buy the ssl certs for newApp, but if it wont be secure otherwise we may not have a choice. Our users were complaining bout not having a padlock show up in the browser when they logged in, even though the login and every page past it was using https. Any help or suggestions on how to make this work would be appreciated. John
Please remember to rate helpful or unhelpful answers, it lets us and people reading the forums know if our answers are any good.
Bit of a no-brainer isn't it. To be secure you have to use SSL, and hosting the real unsecured app inside a secure frame will not do the job. It's all about server communication not what shows in the browser. On another post I see you only want it to look secure to appease some people. Well, the same holds. If it is secure it is secure, if it is not then you should not pretend. To use the example on another reply, that would be like putting a photo of a padlock on your shed and hoping no-one realises it is not real.
If you have knowledge, let others light their candles at it. Margaret Fuller (1810 - 1850) [My Articles] [My Website]
-
Bit of a no-brainer isn't it. To be secure you have to use SSL, and hosting the real unsecured app inside a secure frame will not do the job. It's all about server communication not what shows in the browser. On another post I see you only want it to look secure to appease some people. Well, the same holds. If it is secure it is secure, if it is not then you should not pretend. To use the example on another reply, that would be like putting a photo of a padlock on your shed and hoping no-one realises it is not real.
If you have knowledge, let others light their candles at it. Margaret Fuller (1810 - 1850) [My Articles] [My Website]
I didnt think it would work the way they wanted, maybe its time to get one of those wildcard certs. unfortunatly the people who use are site are "tech" people because they took a computer class in HS and if they dont get their lock symbol they call and complain and dont listen to reason, so now we're adding it to shut them up. I didnt know if it would work or not, it didnt seem right to me so i asked. Now i have a couple solutions, thanks for your help.
Please remember to rate helpful or unhelpful answers, it lets us and people reading the forums know if our answers are any good.