encryption
Hi need some advice on encryption. I have used a page which Firefox claims to not be encrypted and no padlock appears. This is backed up by Opera and Internet Explorer. Information is being sent in plain text. The site claims to be secured by : thawte Is this site secure to send sensitve/financial details? The company says it is secure. Who is correct?
Thanks skip
All Replies (8)
URL of that page?
Does anyone else have any ideas? thanks skip
Ilungisiwe
bump again
Using the https protocol on that link shows a "connection partially encrypted" message) if you click the Site Identity Button on the location bar, most likely caused by images loaded via an insecure http link. See Tools > Page Info > Media
The reply from the company dealing with security of this web page is as follows:
We offer the colleges a white-label which is a completely secure bookings “window” which sits within their website on a page of their choosing. This is called an i-frame. We host everything within the window and take responsibility for its security. However the web page (and everything outside the window) remains part of the Wadham College website, hosted by them. Because of this, their web page does not show “https”,despite the fact that the booking process, which happens within the window, is completely encrypted and secure (as proven by the security padlock and Thawte certificate).
I confirm the Personal Details (and payment details) pages are both within the i-frame – so are completely secure and encrypted.
So is it secure....seams a bit of a strange way to do things and a little confusing!
Any response welcome Skip
You won't see the lock symbol anymore on Firefox 4.0.x and above. It's been replaced by the Site Identity button, so don't look for it.
You can replace it by installing this add-on, but it's only cosmetic: https://addons.mozilla.org/en-US/firefox/addon/padlock-icon/
What you can do to check their security is to start a booking which loads the i-frame. Then right click in there and choose "This Frame", "Open in new tab". See screenshot.
This take you to the booking site @ http://www.travelbookingnetwork.com/ From there, you can see what happens when the SSL site loads.
If websites open such a page in an iframe then an extension or anything else won't help you.
You can right click that iframe and inspect the Frame Info of that iframe (This Frame > View Frame Info) or open that frame in a new tab to check the security information in such a case.
Ilungisiwe