This week's book giveaway is in the Design forum.
We're giving away four copies of Design for the Mind and have Victor S. Yocco on-line!
See this thread for details.
Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Can the padlock be spoofed?

 
Kumar Raja
Ranch Hand
Posts: 547
2
Hibernate Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

We know that on accessing https url, we see a small padlock icon on the bottom of the browser window. I'm curious if this padlock is set by the page designer when the page is designed, or would that be added by the browser, when it accesses a HTTPS url. Please clarify.
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It's set by the browser, and indicates it retrieved the page over SSL. But that does NOT mean that if you see the padlock, any form you're going to submit will be encrypted: The form could have been retrieved in a frame that was loaded over HTTP, or a form submit could go to an HTTP URL. Either way - no encryption.
 
Kumar Raja
Ranch Hand
Posts: 547
2
Hibernate Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Ulf.

Are you saying that, just because the padlock is appearing on browser and the url is listed as https, the form submitted need not be over ssl. How can this be possible? Can you please explain that ?
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I mentioned two ways in which this can happen. Did you have questions about one or the other in particular?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic