Home page logo

basics logo Security Basics mailing list archives

HTTPS vs encrypted frames in HTTP
From: b00 dog41 <b00dog41 () hushmail com>
Date: 17 Dec 2003 15:05:43 -0000

Hello all,

Hope this is the correct forum to post. I have an commercial website my company uses for purchases.  We have made our 
users aware of checking that the sites they purchased from use HTTPS.  A user called because this site does not use 
HTTPs in the user profile (credit card entry/edit and shopping cart areas).  

The web site vendor claims they are secure because they encrypt the frames with SSL vs encrypting the whole web page 
via HTTPS.  I have not seen this before and am uncomfortable with the technique.  We can in fact see the cert by right 
clicking on the frame and choosing properties.

My question:  Is frame encryption good enough?  Is there a method or known vulnerabilities to entercept traffic.

Bottom line:  Should I be worried about this?

Any information would be greatly appreciated.... 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]