mike said:
I thought I made it clear that this was a new issue. The
question of clicking the "Do Not Show this Message" box
could just hide the fact that something is wrong, security
wise, that needs to be fixed. I don't want information read
by others just as I don't want my SSAN and credit card
numbers posted on forums. I don't know why information like
that wasn't included in my update to gordon's comment which
wasn't very helpful.
Mike
Have you recently changed the level of your Internet Explore
security settings from Medium to High?
Go to Control Panel -> Internet Options and click on the
Security tab. Hit the "Custom Level" button. Scroll down to
"Submit nonencrypted form data". If it's set to prompt, you
receive that warning. Leaving the box checked changes that
setting to Enable.
Quoting from this MS article:
http://www.microsoft.com/resources/documentation/ie/6/all/reskit/en-us/part2/c04ie6rk.mspx
• Submit nonencrypted form data. This option determines
whether HTML pages in the zone can submit forms to or accept
forms from servers in the zone. Forms sent with Secure Sockets
Layer (SSL) encryption are always allowed; this setting only
affects data that is submitted by non-SSL forms. This option
has the following settings:
• Disable, which prevents information from forms on
HTML pages in the zone from being submitted.
• Enable, which allows information from forms on
HTML pages in the zone to be submitted without user
intervention.
• Prompt, which prompts users to choose whether to
allow information from forms on HTML pages in the zone to be
submitted.
Quoting from this article:
http://www.windowsitpro.com/Article/ArticleID/21026/21026.html
"Submit nonencrypted form data. When a user fills in some
fields on a Web page form and clicks submit, IE checks first to
see whether the user connects to the server using Secure Socket
Layer (SSL) to encrypt the form. If so, IE sends the form
content to the Web server. If the connection to the Web server
isn’t using SSL encryption, IE checks Submit nonencrypted form
data to see whether the user has permission to send the form
without encryption protection. Depending on the Web page, the
information the user just entered might be confidential (e.g.,
credit card numbers). A Web developer should never request
private information from a user without using encryption, but
some do. Hackers can look at data users send in the clear text
over the Internet. If you enable this option, train users to
determine whether a Web page is using SSL by looking for the
lock icon at the bottom of the IE window. If Web pages don't
display the lock icon, train users not to enter private
information. If you set this option to Prompt, users don’t need
to remember to look for the lock before submitting private
information. IE will always warn users before it sends form
data they've just entered in clear text. However, if you want
to prevent users from sending any form data in clear text, set
Submit nonencrypted form data option to disable. Unfortunately,
you'll prevent users from accessing clear text connection sites
that ask for relatively public information, such as email
addresses, because IE doesn’t know when form fields include
only private data. Keep in mind that setting the Prompt option
can really annoy users, so if you can't train users not to
enter private information on Web pages that don’t display the
lock icon, Prompt is your only other option."
Is that enough information for you? If you want more, I'd
suggest doing a google search for "submit nonencrypted form
data" or "Internet Explorer security zones".
Also, you might want to try keeping your responses within the
same thread. And if you really want to get your questions
answered, lose the attitude.
Nepatsfan
