secure and non secure items message

  • Thread starter Thread starter tim
  • Start date Start date
T

tim

Hi,

I do not know why i am suddenly getting this message "This page conatins
both secure and nonsecure items. Do you want to display the non secure
items?"
as I have not knowingly changed any security settings.

How do I stop this warning when i open my browser and go to a url ??

Thanks
 
Hello,

Sometimes although pages are encrypted, not all the forms on the pages are
encrypted, and Internet Explorer just warns you about that so that you know.
This is a good feature to have when you are shopping online and so on so
that you can ensure that all forms on that particular page are encrypted.

If you do want to stop this Open Internet Explorer > Press the Alt key so
that the menu bar pop's up > Tools > Internet Options > Security Tab >
Custom Level... > Scroll down to the Miscellaneous section > Where it says
'Display mixed content change the option to Enable and click OK > Click Ok.
 
To turn off the warning, on the Advanced tab of Internet Properties (IE >
Tools > Internet Options), uncheck "Warn about certificate address
mismatch", under the section labeled "Security" (Apply, OK).
 
dean-dean said:
To turn off the warning, on the Advanced tab of Internet Properties (IE >
Tools > Internet Options), uncheck "Warn about certificate address
mismatch", under the section labeled "Security" (Apply, OK).
Click to expand...


That won't correct the problem the original poster was talking about, and
it's bad security advice in general.

If a certificate doesn't match the name of the web site, then it's the wrong
certificate for the web site, and you should assume that your connection has
been redirected to another site that may be malicious. Don't turn off the
warning for that!

The fix for the poster's original question is for the web-site designers to
ensure that every included component on a secure page is served by a secure
link. As an example of why this is a bad thing, consider a web form with a
graphic at the top. If the form is delivered securely, but the graphic is
not, the graphic could be manipulated inline by a "man in the middle"
attacker to display instructions to the user - for instance, "Form not
working - please submit financial details to (e-mail address removed) instead
of using the form."

The user will see that they have a secured form, and will presume that the
graphic is reliable as coming from the vendor.

Working around this at the client side is not a good security solution.

Alun.
~~~~
 
Back
Top