force certain sites to use https?

Some sites with login should use https but is optional (I guess to save CPU
time).

Is there a way to automatically force IE8 into https whenever I'm on that
site?

I know firefox has an extension that does this, but since I use both
browsers, I need IE8 to do this as well.

james wrote:

> Some sites with login should use https but is optional (I guess to save CPU
> time).
>
> Is there a way to automatically force IE8 into https whenever I'm on that
> site?
>
> I know firefox has an extension that does this, but since I use both
> browsers, I need IE8 to do this as well.

You cannot force a server to handshake for a protocol it does not
support despite any extension you may install in the client.

That the login web page delivered to you is unsecured is unimportant.
That content doesn't need to be secured since nothing delivered to you
is sensitive. It is the login credentials that you send back to the
server that needs to be secured. If the web form data is sent to a
secured page then the handshaking needs to be performed for the secured
channel before the data can be sent. So you have to see to where the
web form data gets sent. The web page YOU get doesn't need to be
secured because it has no login data. The web page to where you *send*
your login credentials is what needs to be secured to protect your data.

As an example, the login page to Windows Live Hotmail is not secured
because none of the login credentials were delivered to you, just the
web form where you enter those login credentials. When you submit that
form data, it goes to a secure page. The secured connection must be
established before your login credentials get sent so they are
protected.

Without knowing what login page you are asking about, no one knows how
the login credentials are transferred. Look at the code for the login
web page to see to where the form data gets submitted. Bet it's an
http:// web page.

"james" <nospam@nospam.com> wrote in message
news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
> Some sites with login should use https but is optional (I guess to save
> CPU time).
>
> Is there a way to automatically force IE8 into https whenever I'm on that
> site?
>
> I know firefox has an extension that does this, but since I use both
> browsers, I need IE8 to do this as well.


HTTPS is controlled by the server you are visiting, not the machine that you
are using.

Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>
> "james" <nospam@nospam.com> wrote in message
> news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
>> Some sites with login should use https but is optional (I guess to save
>> CPU time).
>>
>> Is there a way to automatically force IE8 into https whenever I'm on that
>> site?
>>
>> I know firefox has an extension that does this, but since I use both
>> browsers, I need IE8 to do this as well.
>
>
> HTTPS is controlled by the server you are visiting, not the machine that you
> are using.

This is of course incorrect. The use of HTTPS is determined by the URL,
hence by the user.

When you want some extension that (for certain sites) allows a
https://sitename URL and not the http://sitename URL, you may be able
to avoind insecure connections to sites that offer both options.

"Rob" <nomail@example.com> wrote in message
news:slrni0q5t0.vk4.nomail@xs8.xs4all.nl...
> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>>
>> "james" <nospam@nospam.com> wrote in message
>> news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
>>> Some sites with login should use https but is optional (I guess to save
>>> CPU time).
>>>
>>> Is there a way to automatically force IE8 into https whenever I'm on
>>> that
>>> site?
>>>
>>> I know firefox has an extension that does this, but since I use both
>>> browsers, I need IE8 to do this as well.
>>
>>
>> HTTPS is controlled by the server you are visiting, not the machine that
>> you
>> are using.
>
> This is of course incorrect. The use of HTTPS is determined by the URL,
> hence by the user.
>
> When you want some extension that (for certain sites) allows a
> https://sitename URL and not the http://sitename URL, you may be able
> to avoind insecure connections to sites that offer both options.

But the secure or insecure -- unsecure -- sites are dictated by the site,
not the address one uses. Just because I go to https://website.com does not
mean I will go to a secure site if it is not available. That is, if the
server at the address I input is not secured, it does not matter that I
typed in a secure address.

The vast majority of people that get to secure sites get there through a
re-direct of some sort. For example, you are at Amazon.com and have selected
a couple of books and want to check out. When you click on Checkout, you are
redirected to a secure Amazon site where your information is encrypted so
your credit card is not revealed to hackers and other scoundrels.

Why else would a site go secure? Surely they would not secure the pages of
inventory they offer for sale, or the news articles they want you to read.

"Rob" <nomail@example.com> wrote in message
news:slrni0q5t0.vk4.nomail@xs8.xs4all.nl...
> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>>
>> "james" <nospam@nospam.com> wrote in message
>> news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
>>> Some sites with login should use https but is optional (I guess to save
>>> CPU time).
>>>
>>> Is there a way to automatically force IE8 into https whenever I'm on
>>> that
>>> site?
>>>
>>> I know firefox has an extension that does this, but since I use both
>>> browsers, I need IE8 to do this as well.
>>
>>
>> HTTPS is controlled by the server you are visiting, not the machine that
>> you
>> are using.
>
> This is of course incorrect. The use of HTTPS is determined by the URL,
> hence by the user.
>
> When you want some extension that (for certain sites) allows a
> https://sitename URL and not the http://sitename URL, you may be able
> to avoind insecure connections to sites that offer both options.


And, I couldn't help but notice that you ignored the OP and didn't even
begin to address his concerns.

Rob wrote:

> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>>
>> james wrote ...
>>
>>> Some sites with login should use https but is optional (I guess to
>>> save CPU time). Is there a way to automatically force IE8 into
>>> https whenever I'm on that site? I know firefox has an extension
>>> that does this, but since I use both browsers, I need IE8 to do
>>> this as well.
>>
>> HTTPS is controlled by the server you are visiting, not the machine that you
>> are using.
>
> This is of course incorrect. The use of HTTPS is determined by the URL,
> hence by the user.

Bwaahaahaahaa. Thanks for the giggles. URLs are nothing but text
strings. Something has to use them. Yes, your client uses the URL
along with a DNS server (if not using IP addresses) to find the target
host. Whether or not your client can establish an SSL connect depends
entirely on the server. You don't get a choice. If they don't have SSL
support, you putting https: in your client's address bar won't magically
make the server establish an SSL connect.

Connecting to a web page using http: does not specify whether the form
data that gets submitted is non-secure or secure. You have to look at
the HTML code for where the form data gets submitted. If it gets
submitted to an https: site then the secure connection has to be
established before sending your login credentials. So it is entirely
possible that you web page that gets delivered to you (which doesn't
have to be secure because there isn't any sensitive data yet in it) uses
http: whereas your login credentials entered in a form get submitted
using https: so it is secure.

Users were initially trained to expect a padlock icon to let them know
that their submitted data was secured. That lack of the padlock means
many users believe that the form data is not secured in its
transmission. It's a crutch that misrepresents how the data may be
secured or not. You have to see TO where your data gets submitted, not
FROM where you get the web page where you fill out its fields. It's
entirely possible that you get a page via https: but the data gets
submitted via http: so what you thought was secure really wasn't.

>
> Without knowing what login page you are asking about, no one knows how
> the login credentials are transferred. Look at the code for the login
> web page to see to where the form data gets submitted. Bet it's an
> http:// web page.

One such site is http://hammertap.auctionstealer.com/secure/login.cfm which
is an ebay sniping service
If I change the above URL to start with https, the username and password may
still be sent in clear text?

How do I see where the form is submitted, I right click and "view source",
then what do I look for?

VanguardLH <V@nguard.LH> wrote:
> Rob wrote:
>
>> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>>>
>>> james wrote ...
>>>
>>>> Some sites with login should use https but is optional (I guess to
>>>> save CPU time). Is there a way to automatically force IE8 into
>>>> https whenever I'm on that site? I know firefox has an extension
>>>> that does this, but since I use both browsers, I need IE8 to do
>>>> this as well.
>>>
>>> HTTPS is controlled by the server you are visiting, not the machine that you
>>> are using.
>>
>> This is of course incorrect. The use of HTTPS is determined by the URL,
>> hence by the user.
>
> Bwaahaahaahaa. Thanks for the giggles. URLs are nothing but text
> strings. Something has to use them. Yes, your client uses the URL
> along with a DNS server (if not using IP addresses) to find the target
> host. Whether or not your client can establish an SSL connect depends
> entirely on the server. You don't get a choice. If they don't have SSL
> support, you putting https: in your client's address bar won't magically
> make the server establish an SSL connect.

You did not get it.

When the server allows the choice between http and https, the URL
and thus the user determines what you get.
The user may want to avoid mistakenly using http instead of https.

That is what the OP was asking about.

Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>
> "Rob" <nomail@example.com> wrote in message
> news:slrni0q5t0.vk4.nomail@xs8.xs4all.nl...
>> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
>>>
>>> "james" <nospam@nospam.com> wrote in message
>>> news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
>>>> Some sites with login should use https but is optional (I guess to save
>>>> CPU time).
>>>>
>>>> Is there a way to automatically force IE8 into https whenever I'm on
>>>> that
>>>> site?
>>>>
>>>> I know firefox has an extension that does this, but since I use both
>>>> browsers, I need IE8 to do this as well.
>>>
>>>
>>> HTTPS is controlled by the server you are visiting, not the machine that
>>> you
>>> are using.
>>
>> This is of course incorrect. The use of HTTPS is determined by the URL,
>> hence by the user.
>>
>> When you want some extension that (for certain sites) allows a
>> https://sitename URL and not the http://sitename URL, you may be able
>> to avoind insecure connections to sites that offer both options.
>
>
> And, I couldn't help but notice that you ignored the OP and didn't even
> begin to address his concerns.

I think you just don't understand what the OP is looking for.

E.g. a way to remind him to use https instead of http with gmail,
where it is optional to use either one.