Securing a non-secure connection

Similar Messages

• Disable Security  Alert while redirecting for secure to non secure mode.

  Hi Experts,
  I am new to the portal and came accross a very different kind of requirement for which i need you advice.
  On pressing the Logout button on the portal, the navigation/control is redirecting to the non secure Http website. My portal is on Https site. Now the issue is upon logging out I am getting the security Alert " You are about to direct to a connection that is non secure. Do you want to continue? "
  Now I have a requirement to suppress or remove this pop up. I do understand that this is the IE functionality to show the pop message and I have already uncheck the check box under Internet Options -> Advanced -> miscellaneous -> Warn if changiung between Secure to non secure.
  Please suggest !
  Thanks
  Shobhit Taggar

  Shobhit,
  Which version of IE?
  Regards,
  Sandeep Tudumu

• Disable security Alert while redirecting from secure to non secure mode

  Hi Experts,
  I am new to the portal and came accross a very different kind of requirement for which i need you advice.
  On pressing the Logout button on the portal, the navigation/control is redirecting to the non secure Http website. My portal is on Https site. Now the issue is upon logging out I am getting the security Alert " You are about to direct to a connection that is non secure. Do you want to continue? "
  Now I have a requirement to suppress or remove this pop up. I do understand that this is the IE functionality to show the pop message and I have already uncheck the check box under Internet Options -> Advanced -> miscellaneous -> Warn if changiung between Secure to non secure.
  Please suggest !
  Thanks
  Shobhit Taggar

  Shobhit,
  Which version of IE?
  Regards,
  Sandeep Tudumu

• Flash causes "page contains secure and non-secure..."

  Hi All,
  I have a flash menu on my web store .php pages and am getting
  a "this page contains secure and non-secure items..." in IE7 in
  Vista. I think this is because of the Flash menus, but thought I
  had taken care of this by making the codebase embedding to
  "https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0"
  Any suggestions on how to deal with this?
  Thanks, Scott

  Thanks so much ShadowKnyte for the reply. Turns out it wasn't
  the Flash menu, after all, as it did have the embedding links set
  to https. In fact, it was my Google analytics call at the end of
  the page. It needed to be changed to:
  <script src="https://ssl.google-analytics.com/urchin.js"
  type="text/javascript"></script>
  In case that helps anyone else out.
  Cheers, Scott

• Secure and non-secure access to the web application in one war

  Say we have one web application (in one war) which includes JSP, servlets and the security intercepter. There is one business requirement to have most of the JSP(s) accessed via HTTPS, but a few JSP(S) accessed via HTTP.
  My questions are:
  a. Is this possible, or a reasonable requirement or a good practice?
  b. if yes, what can we do to make it happen in the security intercepter implementation?
  c. If not, what is the technical reasons?
  Thanks much.

  a) Yes its is reasonable and good practive, there is an overhead using https, so you should only encrypt file you need to. When you use an online store, only account details / payments are https, the shop itself is http
  b) I dont really understand your difficulty. You can define a folder as 'secure' and put all your secure pages in this folder, leaving non secure files in a different folder. Whenever a page in the secure folder is accessed, https is automatically invoked.

• Problem with automatic logout between secure and non-secure urls

  On my business catalyst page the user login page is located on a non secure url (our site's domain and not worldsecuresystems). When a user is logged in and then views a page on a secure url (i.e. a page to purchase a subscription to a secure zone) it does not retain their login cookie and it appears they have been logged out. This also creates a problem where I cannot pre populate the secure zone purchase form with a user's information based on their account details. Is there a way to retain have both domains recognize the user is logged in to allow the user to freely pass between these domains without having to login twice? I was considering putting the login page on the secure domain and using relative urls for all my links but for some reason some of my pages appear corrupt when viewed on the worldsecuresystems domain so I'd like to avoid this method. Any help would be appreciated.

  Make sure the referrer paramter is correctly set on the form.
  This is the default BC action. But remember the {module_siteurl} will return the host they are currently on. So if this is used on a secure page you'll need to use {module_sitehost} instead
  action="{module_secureurl}/ZoneProcess.aspx?ZoneID=-1&amp;Referrer={module_siteUrl,true,true}&amp;OID={module_oid}&amp;OTYPE={module_otype}">

• Secure and Non-secure Items

  Is anyone else getting a "secure"/"non-secure" items warning when iTunes is being launched from a webpage?
  The page with the problem lives on "https://deimos.apple.com". I don't think that I can fix the problem locally, but the warning stops iTunes from launching and some of my users are getting upset.
  It looks like the solution could be a quick fix, the address to the .css file, and some of the images is "http://deimos.apple.com" (NO "S" in the httpS://deimos...).
  How can I report this type of problem? Who do I send the issue to?

  I think this is your web browser warning you that the web page you are view has https and http URLs. Its not directly an iTunes U issue.

• Ajax Login both secure and non secure url

  Does anyone know if there is a way to use ajax to log a user in for both the non secure and secure url. Normally if you're submitting a log in form over the secure url with the non secure url in the referrer parameter it will log you in on both domains but not via ajax. Anyone have a good work around?

  Here’s the code I’ve used…
  {% if Settings.Site_Live -%}
  {% assign redirectHTTP = "" -%}
  {% assign redirectDOMAIN = Settings.Site_URL -%}
  {% assign redirectEXTEND = "" -%}
  {% else -%}
  {% assign redirectHTTP = "http%3a%2f%2f" -%}
  {% assign redirectDOMAIN = Settings.System_Name -%}
  {% assign redirectEXTEND = ".fueldesign.co.nz" -%}
  {% endif -%}
  {% capture redirectURL -%}{{redirectHTTP}}{{redirectDOMAIN}}{{redirectEXTEND}}{% endcapture -%}
  <form class="form--box escapeWorldSecureSystems" method="post" action="https://{{Settings.System_Name}}.worldsecuresystems.com/ZoneProcess.aspx?ZoneID=51&amp;Referrer={{ redirectURL}}&amp;OID=&amp;OTYPE=" data-parsley-validate>
  Note: I have a Settings collection that has a lot of data from a Settings web app that controls a lot of settings for the website, such as “Site_Live” checkbox etc. this allows my sign-ins to be generic and editable site to site.
  And here’s the development URL where I’m working on this. (don’t just my site during development stage lol)
  http://astrolift.fueldesign.co.nz/ <http://astrolift.fueldesign.co.nz/>
  username: dev
  password: dev123
  Hopt this gives you some inspiration.
  Let us know if you get the ajax working.
  Cheers guys

• Secure and non secure hotspots

  When setting up my e1000 router for a secure domain it automatically opened a non secure one that my neighbors are using. How can I cancel it? Please help

  Sounds like your guest network is active and you need to disable it or assign a password.  The instructions are in the manual you received on the CD.

• Webservice get/send securely in non-secure shell?

  Hey all,
  Perhaps I'm btiing off things a bit too complicated for someone who has never used FLEX before, but I've got to do some research and then build a mock sample for the company I work for.
  What we're trying to do is allow users to login via flex to their account w/o ever leaving the current page they're viewing. Currently they are taken to another area and system altogether so as to jump from the non-secure to secure server.
  So the plan is to just click the login button and stay right there the whole time for a seamless experience. I had asked if this was possible at all previously and heard about the SecureHTTPChannel method as well as the SecureAMFChannel one.
  I have gotten Flex to see our wsdl and pull a string of data via the WebService function, throw it in a DataGrid, but honestly have no clue whatsoever where to even start moving towards now in order to get to the intended goal mentioned above.
  Can someone please help point me in a general direction as to what needs to happen and what general methods need to be employed to get there? Thanks for any help!

  This is related to the URL bar autofill feature. Please see these threads:
  * [https://support.mozilla.org/en-US/questions/933563 typing in url for my company website sends it to https index page in Firefox, but not IE or Chrome, and the behavoir is not wanted]
  * [https://support.mozilla.org/en-US/questions/933470 After updating to 14.0.1 Firefox will force https on websites. How do I fix?]

• SSL - Secure and non secure objects

  Hello to all!
  A box of donuts to anyone who knows how to handle this one! Using Portal 5.03 in an Internet setting (City home page) and we use the "Hosted Display Mode" to serve some of our vendor applications (such as online class registration) through the gateway so that it comes up inside the portal.This works fine until you get to a page being served via SSL. What happens is that many of the objects on the pages (images, javascript, etc) are being called via http instead of https. Some of the items come from the application itself, but a great number of these references come straight from the portal (things like helper javascript such as PTUtil.js)So my question becomes, is there anyway that the gateway can force every URL coming through to write out as https?
  ~Kevin.

  Hello to all!
  A box of donuts to anyone who knows how to handle this one! Using Portal 5.03 in an Internet setting (City home page) and we use the "Hosted Display Mode" to serve some of our vendor applications (such as online class registration) through the gateway so that it comes up inside the portal.This works fine until you get to a page being served via SSL. What happens is that many of the objects on the pages (images, javascript, etc) are being called via http instead of https. Some of the items come from the application itself, but a great number of these references come straight from the portal (things like helper javascript such as PTUtil.js)So my question becomes, is there anyway that the gateway can force every URL coming through to write out as https?
  ~Kevin.

• SSO to ITS through WebSEAL gives secure/non-secure messages

  Hi
  We running the following setup:
  EP6 SP14
  Stand-alone ITS 6.20 patch 18
  4.7 R/3 Enterprise
  TAM/WebSEAL 5.1
  We are running SSO through WebSEAL to the portal and everything seems to be working just fine.
  But when we try to access a transactional iView or an IAC iView running on the ITS server I get a pop-up message saying "This page contains both secure and nonsecure items."
  We are accessing WebSEAL through HTTPS, we are running HTTPS between WebSEAL and the portal and HTTP between WebSEAL and ITS.
  I have tried to access the ITS through WebSEAL without using the portal, and I still get the message. So it must be something between the WebSEAL and the ITS server.
  Does anybody have any ideas what is causing this?
  Cheers,
  Jacob Vennervald

  The "secure and non-secure" message, displayed when accessing ITS through WebSEAL when using IE and HTTPS, is caused by an empty source reference (<IFRAME ... SRC="" ...>) within the ITS menu page (...d_menu.html).
  The integration guide, available on the <a href="http://www-1.ibm.com/support/docview.wss?uid=swg24003605">IBM website</a> and the <a href="http://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/developerareas/ibm">SAP SDN</a>, contains the information on how to stop the message from appearing.
  The message should not be displayed when accessing ITS through WebSEAL using HTTP.
  Regards,
  Peter Tuton.

• SSL problems with "non-secure elements"

  hello all
  We have made a WEB application based on Tomcat and Apache Struts. We have setup with SSL.
  SSL goes to Apache HTTP server, which speaks with Tomcat via apj13.
  The problem is that IE sometimes shows error message "This page contains both secure and non-secure elements. Do you want to
  display non-sescure elements ?". I think it has to something with javascript, because after that error massage
  javascript doesnt work anymore. If I click javascript error icon, it says "access is denied".
  That erorr happens randomly, I cant repeat it at the same place.
  Can anyone help me somehow ?
  At what circumstances IE displays that error ? We use version 6.0
  Maris Orbidans

  It turned out to be a Micro$oft bug
  http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b269682
  It seems that IE 6.0 has the same bug as 5.5.
  SYMPTOMS
  When you are using Secure Sockets Layer (SSL) and you click a link, you may receive the following warning message:
  This page contains both secure and non secure items. Do you want to display the non secure items?

• Disable non secure items alert in apex

  Hi
  every time when a page in apex loads i see an alret
  This page contiains both secure and non secure items !! do yiu wnt to display non secure items ?
  Button Options ( Yes <> No <> Cancel )
  i dont wnt this to be happen , imean i would like to disable this alert
  pls advice
  thanks in advance
  Raj

  user13316561 wrote:
  Hi
  every time when a page in apex loads i see an alret
  This page contiains both secure and non secure items !! do yiu wnt to display non secure items ?
  Button Options ( Yes <> No <> Cancel )
  i dont wnt this to be happen , imean i would like to disable this alert
  pls advice
  thanks in advance
  Raj This is definitely a browser alert not an APEX one, essentially you have some component urls using HTTP and some using HTTPS, I've seen this with the standard Flash chart substitution strings, you will need to edit these to ensure they are consistent to your HTTPS domain.

• How to disable non secure port on Sun Java System Directory Server 5.2

  Hi, can someone tell me how to disable the non secure port 389 on the SJS Directory Server 5.2? I only see two options for the directory server to listen on the non secure port or both secure and non secure ports. I see that someone mentioned to change the port the loopback ip address but the gui doesn't allow that.
  Any help is appreciated.
  Thanks,
  Mike

  Yep! You can add the loopback address to the listen host attr, directly to the dse.ldif (insntace stopped of course) or ldapmodify the config entry