Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / May 2007

Tip: Looking for answers? Try searching our database.

Secure page problem

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
tshad - 08 May 2007 18:07 GMT
I have a problem with a page I am trying to secure.  It has a flash object
as well as a couple of 3rd party objects used for tracking use of the page.
I keep getting a message saying that there are unsecure items on the page.
I assume this is because of some absolute URL paths.  But one of them
doesn't cause the problem and it also has an absolute URL in it.

The first 2 cause an error:
************************************************************
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
  codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0"
  width="335" height="85" title="StaffingWorkshop">
     <param name="movie" value="../flash/sw.swf">
     <param name="quality" value="high">
     <embed src="../flash/sw.swf" quality="high"
pluginspage="http://www.macromedia.com/go/getflashplayer"
      type="application/x-shockwave-flash" width="335" height="85">
     </embed>
</object>

<!-- OPENTRACKER HTML START -->
<script defer
src="http://server1.opentracker.net/?site=www.staffingworkshop.com">
</script><noscript>
<a href="http://www.opentracker.net" target="_blank">
<img
src="http://img.opentracker.net/?cmd=nojs&site=www.staffingworkshop.com"
alt="web tracker" border="0"></a> </noscript>
<!-- OPENTRACKER HTML END -->
***************************************************************

This one doesn't cause an error but it also has 2 absolute URLs in it.
***************************************************************
<div id="ci7eh6" style="z-index:100;position:absolute">
</div>
<div id="sc7eh6" style="display:inline">
</div>
<div id="sd7eh6" style="display:none">
</div>
<script type="text/javascript">var se7eh6=document.createElement("script");
se7eh6.type="text/javascript";se7eh6.defer=true;se7eh6.src=(location.protocol.indexOf("https")==0? "https://secure.providesupport.com/image":"http://image.providesupport.com")+ "/js/ftshr/safe-standard.js?ps_h=7eh6\u0026ps_t="+ new Date().getTime();document.getElementById("sd7eh6").appendChild(se7eh6)</script><noscript><div style="display:inline"><a href="http://www.providesupport.com?messenger=ftshr">LiveSupport</a></div></noscript>*
***************************************************************Why does it work and the others not work?Is there a way I can make the others work?Thanks,Tom
Reply to this Message
MasterGaurav (www.edujini-labs.com) - 08 May 2007 18:38 GMT
>I have a problem with a page I am trying to secure.  It has a flash object
>as well as a couple of 3rd party objects used for tracking use of the page.
>I keep getting a message saying that there are unsecure items on the page.
>I assume this is because of some absolute URL paths.  But one of them
>doesn't cause the problem and it also has an absolute URL in it.

By secure I assume that you are moving on to https.
If so, some components, as I could see, are coming from http, and hence the
issue.

Signature

Happy Hacking,
Gaurav Vaish | www.mastergaurav.com
www.edujini-labs.com
http://eduzine.edujini-labs.com
-----------------------------------------

Reply to this Message
tshad - 08 May 2007 20:23 GMT
> >I have a problem with a page I am trying to secure.  It has a flash
> >object as well as a couple of 3rd party objects used for tracking use of
[quoted text clipped - 6 lines]
> If so, some components, as I could see, are coming from http, and hence
> the issue.

Right.

But the 3rd object also has http://www.providesupport.com?messenger=ftshr 
and there doesn't seem to be a problem there?

Is there a way around the http problem on a secure page (ssl/https)?

All of our pages come from templates that have these objects on them and
would like the pages to look the same on the secure pages.

Thanks,

Tom
Reply to this Message
MasterGaurav (www.edujini-labs.com) - 09 May 2007 04:50 GMT
> Is there a way around the http problem on a secure page (ssl/https)?

The browsers, as should *good browsers* be expected to, report a warning if
there is a mixed-content.

The only alternative is to use relative paths to ensure that HTTP or
HTTPS... it's always the same for all items.

> All of our pages come from templates that have these objects on them and
> would like the pages to look the same on the secure pages.

If these *objects* are hosted on the same server, using relative paths
should be trivial.

Signature

Happy Hacking,
Gaurav Vaish | www.mastergaurav.com
www.edujini-labs.com
http://eduzine.edujini-labs.com
-----------------------------------------

Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.