Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

force certain sites to use https?

microsoft.public.internetexplorer.general






Speedup My PC
Reply
  #1 (permalink)  
Old 06-07-2010
james
 

Posts: n/a
force certain sites to use https?
Some sites with login should use https but is optional (I guess to save CPU
time).

Is there a way to automatically force IE8 into https whenever I'm on that
site?

I know firefox has an extension that does this, but since I use both
browsers, I need IE8 to do this as well.

Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 06-07-2010
VanguardLH
 

Posts: n/a
Re: force certain sites to use https?
james wrote:

> Some sites with login should use https but is optional (I guess to save CPU
> time).
>
> Is there a way to automatically force IE8 into https whenever I'm on that
> site?
>
> I know firefox has an extension that does this, but since I use both
> browsers, I need IE8 to do this as well.


You cannot force a server to handshake for a protocol it does not
support despite any extension you may install in the client.

That the login web page delivered to you is unsecured is unimportant.
That content doesn't need to be secured since nothing delivered to you
is sensitive. It is the login credentials that you send back to the
server that needs to be secured. If the web form data is sent to a
secured page then the handshaking needs to be performed for the secured
channel before the data can be sent. So you have to see to where the
web form data gets sent. The web page YOU get doesn't need to be
secured because it has no login data. The web page to where you *send*
your login credentials is what needs to be secured to protect your data.

As an example, the login page to Windows Live Hotmail is not secured
because none of the login credentials were delivered to you, just the
web form where you enter those login credentials. When you submit that
form data, it goes to a secure page. The secured connection must be
established before your login credentials get sent so they are
protected.

Without knowing what login page you are asking about, no one knows how
the login credentials are transferred. Look at the code for the login
web page to see to where the form data gets submitted. Bet it's an
http:// web page.
Reply With Quote
  #3 (permalink)  
Old 06-07-2010
Jeff Strickland
 

Posts: n/a
Re: force certain sites to use https?

"james" <nospam@nospam.com> wrote in message
news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
> Some sites with login should use https but is optional (I guess to save
> CPU time).
>
> Is there a way to automatically force IE8 into https whenever I'm on that
> site?
>
> I know firefox has an extension that does this, but since I use both
> browsers, I need IE8 to do this as well.



HTTPS is controlled by the server you are visiting, not the machine that you
are using.







Reply With Quote
  #4 (permalink)  
Old 06-07-2010
Rob
 

Posts: n/a
Re: force certain sites to use https?
Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>
> "james" <nospam@nospam.com> wrote in message
> news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
>> Some sites with login should use https but is optional (I guess to save
>> CPU time).
>>
>> Is there a way to automatically force IE8 into https whenever I'm on that
>> site?
>>
>> I know firefox has an extension that does this, but since I use both
>> browsers, I need IE8 to do this as well.

>
>
> HTTPS is controlled by the server you are visiting, not the machine that you
> are using.


This is of course incorrect. The use of HTTPS is determined by the URL,
hence by the user.

When you want some extension that (for certain sites) allows a
https://sitename URL and not the http://sitename URL, you may be able
to avoind insecure connections to sites that offer both options.
Reply With Quote
  #5 (permalink)  
Old 06-07-2010
Jeff Strickland
 

Posts: n/a
Re: force certain sites to use https?

"Rob" <nomail@example.com> wrote in message
news:slrni0q5t0.vk4.nomail@xs8.xs4all.nl...
> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>>
>> "james" <nospam@nospam.com> wrote in message
>> news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
>>> Some sites with login should use https but is optional (I guess to save
>>> CPU time).
>>>
>>> Is there a way to automatically force IE8 into https whenever I'm on
>>> that
>>> site?
>>>
>>> I know firefox has an extension that does this, but since I use both
>>> browsers, I need IE8 to do this as well.

>>
>>
>> HTTPS is controlled by the server you are visiting, not the machine that
>> you
>> are using.

>
> This is of course incorrect. The use of HTTPS is determined by the URL,
> hence by the user.
>
> When you want some extension that (for certain sites) allows a
> https://sitename URL and not the http://sitename URL, you may be able
> to avoind insecure connections to sites that offer both options.


But the secure or insecure -- unsecure -- sites are dictated by the site,
not the address one uses. Just because I go to https://website.com does not
mean I will go to a secure site if it is not available. That is, if the
server at the address I input is not secured, it does not matter that I
typed in a secure address.

The vast majority of people that get to secure sites get there through a
re-direct of some sort. For example, you are at Amazon.com and have selected
a couple of books and want to check out. When you click on Checkout, you are
redirected to a secure Amazon site where your information is encrypted so
your credit card is not revealed to hackers and other scoundrels.

Why else would a site go secure? Surely they would not secure the pages of
inventory they offer for sale, or the news articles they want you to read.





Reply With Quote
  #6 (permalink)  
Old 06-07-2010
Jeff Strickland
 

Posts: n/a
Re: force certain sites to use https?

"Rob" <nomail@example.com> wrote in message
news:slrni0q5t0.vk4.nomail@xs8.xs4all.nl...
> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>>
>> "james" <nospam@nospam.com> wrote in message
>> news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
>>> Some sites with login should use https but is optional (I guess to save
>>> CPU time).
>>>
>>> Is there a way to automatically force IE8 into https whenever I'm on
>>> that
>>> site?
>>>
>>> I know firefox has an extension that does this, but since I use both
>>> browsers, I need IE8 to do this as well.

>>
>>
>> HTTPS is controlled by the server you are visiting, not the machine that
>> you
>> are using.

>
> This is of course incorrect. The use of HTTPS is determined by the URL,
> hence by the user.
>
> When you want some extension that (for certain sites) allows a
> https://sitename URL and not the http://sitename URL, you may be able
> to avoind insecure connections to sites that offer both options.



And, I couldn't help but notice that you ignored the OP and didn't even
begin to address his concerns.








Reply With Quote
  #7 (permalink)  
Old 06-08-2010
VanguardLH
 

Posts: n/a
Re: force certain sites to use https?
Rob wrote:

> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>>
>> james wrote ...
>>
>>> Some sites with login should use https but is optional (I guess to
>>> save CPU time). Is there a way to automatically force IE8 into
>>> https whenever I'm on that site? I know firefox has an extension
>>> that does this, but since I use both browsers, I need IE8 to do
>>> this as well.

>>
>> HTTPS is controlled by the server you are visiting, not the machine that you
>> are using.

>
> This is of course incorrect. The use of HTTPS is determined by the URL,
> hence by the user.


Bwaahaahaahaa. Thanks for the giggles. URLs are nothing but text
strings. Something has to use them. Yes, your client uses the URL
along with a DNS server (if not using IP addresses) to find the target
host. Whether or not your client can establish an SSL connect depends
entirely on the server. You don't get a choice. If they don't have SSL
support, you putting https: in your client's address bar won't magically
make the server establish an SSL connect.

Connecting to a web page using http: does not specify whether the form
data that gets submitted is non-secure or secure. You have to look at
the HTML code for where the form data gets submitted. If it gets
submitted to an https: site then the secure connection has to be
established before sending your login credentials. So it is entirely
possible that you web page that gets delivered to you (which doesn't
have to be secure because there isn't any sensitive data yet in it) uses
http: whereas your login credentials entered in a form get submitted
using https: so it is secure.

Users were initially trained to expect a padlock icon to let them know
that their submitted data was secured. That lack of the padlock means
many users believe that the form data is not secured in its
transmission. It's a crutch that misrepresents how the data may be
secured or not. You have to see TO where your data gets submitted, not
FROM where you get the web page where you fill out its fields. It's
entirely possible that you get a page via https: but the data gets
submitted via http: so what you thought was secure really wasn't.
Reply With Quote
  #8 (permalink)  
Old 06-08-2010
james
 

Posts: n/a
Re: force certain sites to use https?
>
> Without knowing what login page you are asking about, no one knows how
> the login credentials are transferred. Look at the code for the login
> web page to see to where the form data gets submitted. Bet it's an
> http:// web page.


One such site is http://hammertap.auctionstealer.com/secure/login.cfm which
is an ebay sniping service
If I change the above URL to start with https, the username and password may
still be sent in clear text?

How do I see where the form is submitted, I right click and "view source",
then what do I look for?

Reply With Quote
  #9 (permalink)  
Old 06-08-2010
Rob
 

Posts: n/a
Re: force certain sites to use https?
VanguardLH <V@nguard.LH> wrote:
> Rob wrote:
>
>> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>>>
>>> james wrote ...
>>>
>>>> Some sites with login should use https but is optional (I guess to
>>>> save CPU time). Is there a way to automatically force IE8 into
>>>> https whenever I'm on that site? I know firefox has an extension
>>>> that does this, but since I use both browsers, I need IE8 to do
>>>> this as well.
>>>
>>> HTTPS is controlled by the server you are visiting, not the machine that you
>>> are using.

>>
>> This is of course incorrect. The use of HTTPS is determined by the URL,
>> hence by the user.

>
> Bwaahaahaahaa. Thanks for the giggles. URLs are nothing but text
> strings. Something has to use them. Yes, your client uses the URL
> along with a DNS server (if not using IP addresses) to find the target
> host. Whether or not your client can establish an SSL connect depends
> entirely on the server. You don't get a choice. If they don't have SSL
> support, you putting https: in your client's address bar won't magically
> make the server establish an SSL connect.


You did not get it.

When the server allows the choice between http and https, the URL
and thus the user determines what you get.
The user may want to avoid mistakenly using http instead of https.

That is what the OP was asking about.
Reply With Quote
  #10 (permalink)  
Old 06-08-2010
Rob
 

Posts: n/a
Re: force certain sites to use https?
Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>
> "Rob" <nomail@example.com> wrote in message
> news:slrni0q5t0.vk4.nomail@xs8.xs4all.nl...
>> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>>>
>>> "james" <nospam@nospam.com> wrote in message
>>> news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
>>>> Some sites with login should use https but is optional (I guess to save
>>>> CPU time).
>>>>
>>>> Is there a way to automatically force IE8 into https whenever I'm on
>>>> that
>>>> site?
>>>>
>>>> I know firefox has an extension that does this, but since I use both
>>>> browsers, I need IE8 to do this as well.
>>>
>>>
>>> HTTPS is controlled by the server you are visiting, not the machine that
>>> you
>>> are using.

>>
>> This is of course incorrect. The use of HTTPS is determined by the URL,
>> hence by the user.
>>
>> When you want some extension that (for certain sites) allows a
>> https://sitename URL and not the http://sitename URL, you may be able
>> to avoind insecure connections to sites that offer both options.

>
>
> And, I couldn't help but notice that you ignored the OP and didn't even
> begin to address his concerns.


I think you just don't understand what the OP is looking for.

E.g. a way to remind him to use https instead of http with gmail,
where it is optional to use either one.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
IE 7 signing into https sites VH1_user microsoft.public.internetexplorer.general 3 03-04-2010 06:07
https sites won't load tinzhaven Windows Vista Home Premium 3 11-23-2009 12:30
Cannot print from https:// (secure) sites Steven microsoft.public.internetexplorer.general 2 07-16-2009 13:38
Cannot access HTTPS government sites in IE Dane microsoft.public.internetexplorer.general 3 10-29-2008 22:46
Re: I can only see secure sites, https, on IE7 GangGreen microsoft.public.internetexplorer.general 3 08-25-2008 17:25




All times are GMT +1. The time now is 00:12.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120