Right now, I get a slashed https into browser, with the message:
Your connection to www.domain.com is encrypted with 256-bit encryption.
However, this page includes other resources which are not secure. These
resources can be viewed by others while in transit and can be modified
by an attacker to change the behavior of the page.
The /protected directory is a “virtual” one that does not exist in
reality. It is created by /index.php with some SEO technique.
In real life, the URL format is: index.php?protected
On Sat, Nov 19, 2011 at 01:46:54PM -0500, TECK wrote:
[…]
Right now, I get a slashed https into browser, with the message:
Your connection to www.domain.com is encrypted with 256-bit encryption.
However, this page includes other resources which are not secure. These
resources can be viewed by others while in transit and can be modified
by an attacker to change the behavior of the page.
This is because reply from the protected page includes links to
unprotected resources (most likely some javascript files). You
have to load other resources from https as well.