Home page logo
/

basics logo Security Basics mailing list archives

Re: HTTPS vs encrypted frames in HTTP
From: Sasha <alserkli () inbox ru>
Date: Wed, 17 Dec 2003 21:12:00 +0200 (IST)

On Wed, 17 Dec 2003, b00 dog41 wrote:
The web site vendor claims they are secure because they encrypt the
frames with SSL vs encrypting the whole web page via HTTPS.  I have not
seen this before and am uncomfortable with the technique.  We can in
fact see the cert by right clicking on the frame and choosing
properties.
This can mean that they send encrypted messages over http, or that you
have browser window divided into frames, and on of the pages use https. I
guess the second explanation is the correct one.

My question:  Is frame encryption good enough?  Is there a method or
known vulnerabilities to entercept traffic.
Well, if you know url of the page you can as well open it in the separate
window. Unless there are bugs in you browser which allows a script from
one frame read values set in another frame and scripts in other frames
exploiting this bugs you have no problem.

Bottom line:  Should I be worried about this?
If you concerned with network interception -- NO.

Regards,
ASK


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault