- From: Yngve N. Pettersen (Developer Opera Software ASA) <yngve@opera.com>
- Date: Sat, 26 May 2007 20:16:32 +0200
- To: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
On Tue, 15 May 2007 22:29:30 +0200, Yngve N. Pettersen (Developer Opera Software ASA) <yngve@opera.com> wrote: > > Hello all, > > I have just put my proposals about "what a secure page is" on the Wiki > > http://www.w3.org/2006/WSC/wiki/WhatIsASecurePage > > Some may disagree with several of the suggestions, or have doubts about > them ever being adopted. And yet more bad examples. - Go to the Hilton homepage http://www.hilton.com/ - Click on reservations in the top toolbar - You are taken to a secure page - Over on the right hand side there is a "find a hotel" section - Fill in city, state, dates etc. - Click the "search" button - Your query will now be POSTed to an unsecure server. Browser actions: - Opera and FF 1.5 warns about this, the warnings cannot be disabled. - IE6 only seem to warn when unsecure form submit warning is enabled or the http->https or vice versa dialog is enabled. (these dialogs are quite likely to be disabled by the user after the first couple of times they have seen it) My problem with this form is not that the query is sensitive, it isn't really that sensitive (although I prefer such queries to be secure anyway), but that it changes from secure to unsecure during form submit without any prior indication to the user. -- Sincerely, Yngve N. Pettersen ******************************************************************** Senior Developer Email: yngve@opera.com Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 ********************************************************************
Received on Saturday, 26 May 2007 18:16:56 UTC