Guild site HTTPS question

[Jfitz]

I often get the following message when navigating the guild site -

 

"Do you want to view only the webpage content that was delivered securely?

 

 This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage"

 

I honestly do not worry about the guild site and security, but does anyone else see this?  I added the site to my 'trusted sites' (using IE) and I still see it.

 

 

 

 

[Beechwood Chip]

I've never seen it, and I use Firefox, Safari, and Chrome.

[PeteJr]

I use IE8 and do not see a warning on the Guild site.  I do see it on other sites from time to time.

[pghmyn]

As far as I know, HTTPS is used widely on sites with personal information stored and distributed. For example, my online banking website is coded under HTTPS.

 

Another way to look at it is this quote I just found:

 

"Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication. In practice, this provides a reasonable guarantee that one is communicating with precisely the web site that one intended to communicate with (as opposed to an imposter), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party."

[TerryMcK]

Hi John,

You can change the way IE8 warns you about changing between http and https sites by 

clicking the "Tools" button and selecting Internet Options.

Select the advanced tab and all the way toward the bottom you will see the option for "warn if changing between secure and non secure mode".

Uncheck it like the image.

 

 

[mikem]

When you see this message come up it indicates that there is at least one element of the page being open that isn't from HTTPS.  It could be a link to an image or embedded object that has http://url instead of https://url in it. In most cases it is benign, but I wouldn't give my credit card number to a site that has that message pop up.

[Jfitz]

Agreed Mike - I'm assuming it's just something benign.  I was just curious if anyone else sees it.

[mikem]

In this case, on the discount pages, the image of the piggy bank is using an http:// url, which is why you are getting that message.  Since the message gives you a yes/no option, use your judgement when best to say yes to blocking unsecured content on a secured page.

[TerryMcK]

Another thing you could change is this:

Try setting the   Disable mixed content  to Disable (it will be set at Prompt).   E.g. doubleclick on the security zone icon in the Status bar, or thru the internet options>security then click Custom Level... and find that option.  

 

It's in the Miscellaneous section and that is the first item which starts with M, so press M and the scroll down twice to see the option.

 

I use Chrome as it's far better than IE BTW

[Jfitz]

 

I use Chrome as it's far better than IE BTW

 

I know, but it's a work PC, and a lot of the internal sites I need to access are only supported with IE8.  *sigh*

[TerryMcK]

It's probably locked down a bit then with whatever the company has decided upon.

IT depts change all sort of settings and you will probably find that any changes you make will be overwritten by a group policy every 90 minutes. (I work in IT)

[Jfitz]

Thanks Terry. I'll just chalk it up to one of those things.  Getting the warning on TWWG site isn't too concerning. 

[thewoodwhisperer]

Just to clarify, the Guild site does not need HTTPS. The only pages that really need to be completely secure are the payment pages and the login page and both of them are. But we decided to make the entire site HTTPS just because we can. Since this wasn't always the case, there are very often items that are referenced, as MikeM described above, that are not HTTPS. Either an HTTPS version isn't available or we just haven't gotten around to changing the url manually. Either way, you will only see that on non-critical pages where only content is displayed. Browsers tend to display warnings when a page uses https but has some http items on it. It's a little like having an open pad lock on a door. If the pad lock isn't there at all, there are no warnings. If the pad lock is locked, there are no warnings. But an open pad lock sets off alarms. 

[thewoodwhisperer]

By the way, I fixed the piggy. If you notice other pages, just let me know. Most are quick fixes.

[Jfitz]

Thanks Marc.  As I said - no worries.  It was just something I noticed, and I was curious.