Submit Your Article Forum Rules

Results 1 to 5 of 5

Thread: Non encrypted shopping?

  1. #1
    Junior Member
    Join Date
    Nov 2009
    Posts
    2

    Non encrypted shopping?

    I was about to buy something online and noticed that there was no secure lock icon displayed. The page uses the https protocol, and "store.yahoo.net" is in the url. They claim in their help section that its secure, however my browser says the the site does not supply identity information and the connection is not encrypted. I did not submit any card information, and contacted them about the issue. Since its the weekend, I probably won't get a response for a couple days.

    Maybe someone here can tell me what might be going on with that site (toygroove). It looks like business, but isn't acting like one.

  2. #2
    WebProWorld MVP
    Join Date
    Aug 2003
    Posts
    1,020

    Re: Non encrypted shopping?

    It looks like only the payment page uses SSL which is fine, the issue is that they are loading the images from a non-SSL source so you have a partially protected page.

    Really all that matters is that the form posts the information to the server over SSL anything else is just fluff to make shoppers feel warm an fuzzy inside.

  3. #3
    Junior Member
    Join Date
    Nov 2009
    Posts
    2

    Re: Non encrypted shopping?

    I've set my browser to prompt before submitting non-encrypted form data, just to double check. Thanks.

  4. #4
    WebProWorld MVP wige's Avatar
    Join Date
    Jun 2006
    Posts
    2,981

    Re: Non encrypted shopping?

    Quote Originally Posted by speed View Post
    It looks like only the payment page uses SSL which is fine, the issue is that they are loading the images from a non-SSL source so you have a partially protected page.
    This is really a Yahoo issue, rather than something that the store in question will be able to deal with. Because the checkout page includes elements of the original site (which does not have an SSL certificate) the page can't be fully authenticated. Different browsers handle this in different ways; IE just pretends the page isn't encrypted at all, Firefox shows an alert over the lock symbol, Chrome shows a warning in place of the lock, etc.

    Quote Originally Posted by speed View Post
    Really all that matters is that the form posts the information to the server over SSL anything else is just fluff to make shoppers feel warm an fuzzy inside.
    In practice, it is generally desired that every element on the page be authenticated - otherwise, in theory at least, components being included over HTTP could "leak" secured information such as tracking cookies, allowing an attacker to alter your transaction (session hijacking) or view personally identifiable information as it passes from one site to the other (man in the middle attack).
    The best way to learn anything, is to question everything.
    Hidden Content

  5. #5
    WebProWorld MVP Clint1's Avatar
    Join Date
    Jun 2003
    Location
    Sitting down in a chair
    Posts
    2,225

    Re: Non encrypted shopping?

    Quote Originally Posted by eveshopper View Post
    I was about to buy something online and noticed that there was no secure lock icon displayed. The page uses the https protocol, and "store.yahoo.net" is in the url. They claim in their help section that its secure, however my browser says the the site does not supply identity information and the connection is not encrypted. I did not submit any card information, and contacted them about the issue. Since its the weekend, I probably won't get a response for a couple days.

    Maybe someone here can tell me what might be going on with that site (toygroove). It looks like business, but isn't acting like one.
    It's secure. (In IE) Just right click the page & "Properties" and you'll see something like this:

    TLS 1.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange

    Click the "Details" button and you'll see the certificate.

    On FF just click the padlock icon warning and see the details, or right click and "View page info" then "Security".

    Like Wige pointed out, sometimes you won't see the padlock icon in IE if there are something like images on the page that are not in a secure path, such as their header: http://www.toygroove.com/images/left01.gif

Similar Threads

  1. Encrypted HTML vs. spiders
    By CraigAllen in forum Search Engine Optimization Forum
    Replies: 7
    Last Post: 12-31-2009, 11:32 AM
  2. Greetings from GigaTribe (French encrypted P2P company)
    By johnarama in forum Introductions
    Replies: 0
    Last Post: 02-28-2007, 12:00 PM
  3. Encrypted FormMail
    By ambassador in forum Web Programming Discussion Forum
    Replies: 6
    Last Post: 05-18-2005, 04:12 PM
  4. HOW encrypted mails through a SSL formail / PHP??
    By michecosta in forum Web Programming Discussion Forum
    Replies: 0
    Last Post: 10-28-2003, 01:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •