Security Basics mailing list archives
Re: HTTPS vs encrypted frames in HTTP
From: Sasha <alserkli () inbox ru>
Date: Wed, 17 Dec 2003 21:12:00 +0200 (IST)
On Wed, 17 Dec 2003, b00 dog41 wrote:
The web site vendor claims they are secure because they encrypt the frames with SSL vs encrypting the whole web page via HTTPS. I have not seen this before and am uncomfortable with the technique. We can in fact see the cert by right clicking on the frame and choosing properties.
This can mean that they send encrypted messages over http, or that you have a browser window divided into frames, and one of the pages uses https. I guess the second explanation is the correct one.
My question: Is frame encryption good enough? Is there a method or known vulnerabilities to intercept traffic?
Well, if you know the URL of the page you can as well open it in a separate window. Unless there are bugs in your browser which allow a script from one frame to read values set in another frame, and scripts in other frames exploiting these bugs, you have no problem.
Bottom line: Should I be worried about this?
If you are concerned with network interception -- NO.
Regards,
ASK
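Added example, not part of the original thread: to check which of the two readings applies to a given page, this Python sketch lists every frame with the absolute URL and scheme it loads from, the same per-frame information the browser's frame properties dialog exposes. The sample page, hostnames and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a frameset page fetched over plain http whose
# "login" frame points at an https URL (hostnames are placeholders).
SAMPLE_URL = "http://shop.example/index.html"
SAMPLE_HTML = """
<html><frameset cols="20%,80%">
  <frame name="menu" src="menu.html">
  <frame name="login" src="https://secure.shop.example/login">
</frameset>
<body><iframe src="//cdn.example/banner.html"></iframe></body></html>
"""

class FrameCollector(HTMLParser):
    """Collects the src of every <frame> and <iframe> element."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag in ("frame", "iframe"):
            a = dict(attrs)
            if a.get("src"):
                self.frames.append((a.get("name") or "", a["src"]))

def audit_frames(page_url, html):
    """Return one record per frame: its absolute URL and its scheme."""
    collector = FrameCollector()
    collector.feed(html)
    parent_scheme = urlsplit(page_url).scheme
    report = []
    for name, src in collector.frames:
        # Relative and scheme-relative (//host/...) src values inherit
        # the scheme of the page that embeds them.
        absolute = urljoin(page_url, src)
        scheme = urlsplit(absolute).scheme
        report.append({
            "name": name,
            "url": absolute,
            "scheme": scheme,
            "differs_from_parent": scheme != parent_scheme,
        })
    return report

if __name__ == "__main__":
    for row in audit_frames(SAMPLE_URL, SAMPLE_HTML):
        print(row)
```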