Šodienas jautājumu un atbilžu sesija mums priecājas par SuperUser - Stack Exchange dalību, kas ir kopienas vadīta Q & A tīmekļa vietņu grupa.
Jautājums
SuperUser lasītājs David Starkey vēlas uzzināt, kāpēc viņa pārlūks saka, ka droša vietne nav pilnībā droša:
I was accessing Pandora via SSL and noticed a few icons by the URL. First is this exclamation point in a triangle, indicating the page is not fully secure.
Kas šeit notiek? Vai Dāvida savienojums ar Pandora tīmekļa vietni ir drošs vai ne?
Atbilde
SuperUser ieguldītājam redburn ir atbilde mums:
This is called a “mixed content” page. From the Mozilla Developer Network (Mixed Content):
If the HTTPS page includes content retrieved through regular, cleartext HTTP, then the connection is only partially encrypted: the unencrypted content is accessible to sniffers and can be modified by man-in-the-middle attackers, and therefore the connection is not safeguarded anymore. When a webpage exhibits this behavior, it is called a mixed content page.
The statements are not contradictory, but complementary, and a little confusing perhaps. The first says the page itself is not fully secure because it contains unencrypted elements (all web browsers will notify you of this), whereas the second notes that these elements have been automatically blocked by Firefox.
If Firefox did not block the unencrypted elements, then strictly speaking, the page would not be secure.
HTTPS Everywhere does not guarantee a secure connection. It will only try to force HTTPS whenever it is available; if it is not, then there is nothing a user or browser can do about it outside of blocking the unsecure content.
Vai kaut ko pievienot paskaidrojumam? Skatieties komentāros. Vēlaties lasīt citas atbildes no citiem tehnoloģiju savvy Stack Exchange lietotājiem? Šeit skatiet pilnu diskusiju pavedienu.