 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / Security / February 2005Annoying: You are about to leave secure internet connection
We have our intranet website running on IIS 6.0 using SSL. On our application side, we have some code that goes to the \\Servername\DirectoryName\myFile.pdf and grabs the file for the user. Now the problem is with SSL. Everytime some user click on the link, they get Internet Explorer security message: You are about to leave the secure internet connection. It will be possible for others to view the information. Any idea\tips\tricks that we can find a work around on this other than requesting users to check the box that says, In future, do not show this warning? Help!!! SK You would probably have better luck in an IIS group, but here it goes anyway... Have you considered making the PDF file accessible via the site so that it can be fetched via an HTTPS address? If you're dealing with a small number of fairly static files, copying the files to your site might be the best approach. If there are a large number of files to be referenced and/or they change often, you might want to consider setting up a virtual directory in your web application to point through to a share on the other server. This should allow you to create links that point to the virtual directory over HTTPS, avoiding the client-side problem entirely. If you decide to go this route, you should take a look at http://support.microsoft.com/kb/280383 for some of the potential gotchas. HTH, Nicole > We have our intranet website running on IIS 6.0 using SSL. On our > application [quoted text clipped - 12 lines] > > SK Nicole, We already have a virtual directory pointing to the file server. We are using that for handful of users outside the LAN area. As 90% of users are going to be inside of LAN, the idea was to avoid network traffic using vir dir for users who are in LAN. But thanks for your response anyway. I will try in IIS group then. Thanks SK > You would probably have better luck in an IIS group, but here it goes > anyway... [quoted text clipped - 29 lines] > > > > SK Think of what would be possible if you could do this: I create a website that requests that a user create a login. Their user name and password are entered on an SSL site, but then on the next page I redirect them to a site that's not accessable via HTTPS. Additionally my site also programatically disables that dialog box. Now, the user is entering personal information, thinking that it's safe, when in fact it isn't. Granted the above is a pretty strange scenario, but the point is the same. If you could do this, it would be an enormous security hole in the browser. -Shawn http://blogs.msdn.com/shawnfa -- This posting is provided "AS IS" with no warranties, and confers no rights. Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated. -------------------- > Thread-Topic: Annoying: You are about to leave secure internet connection > thread-index: AcUSycYByXo77lB9SkKyK5ZGvf6bTw== [quoted text clipped - 33 lines] > > SK The example doesn't need to be that complex. Redirecting to within the same site to force HTTP can cause a problem if the user continues to submit sensitive information. Redirecting to another site is potentially a problem regardless of whether HTTP or HTTPS, particularly if the user doesn't notice the change and continues to behave as if he were interacting with the original site. > Think of what would be possible if you could do this: > [quoted text clipped - 59 lines] >> >> SK Yep -- in general those prompts are there for a reason, and allowing the website owner to disable them would make them useless and open up holes. Granted the example was pretty bad, my creativity skills failed me while typing up the response :-) -Shawn http://blogs.msdn.com/shawnfa -- This posting is provided "AS IS" with no warranties, and confers no rights. Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated. -------------------- > From: "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> > References: <CC2414DC-E478-4A70-AFDD-AA5823EBC505@microsoft.com> <gwUVjhgFFHA.400@TK2MSFTNGXA02.phx.gbl> > Subject: Re: Annoying: You are about to leave secure internet connection > Date: Sat, 19 Feb 2005 13:09:17 -0500 [quoted text clipped - 8 lines] > NNTP-Posting-Host: modemcable209.143-202-24.mc.videotron.ca 24.202.143.209 > Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP1 4.phx.gbl > Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.dotnet.security:9145 > X-Tomcat-NG: microsoft.public.dotnet.security [quoted text clipped - 69 lines] > >> > >> SK Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.