Mixing secured (HTTPS) and non-secured (HTTP) content in the samepage

[Daniel Frechette]

Hi,

Is it possible to have secured (SSL/HTTPS) and non-secured (HTTP)
content in the same page without breaking the security? I am developing
a secured reservation system in which the user can access Google Maps
(not secured). The map is embedded in the page and does not open in a
separate window.

What solution do you recommend? Use iframes? If so, how?

Thank you,

Daniel

 

[James Black]

If you have separate portal windows, one coming from http and the other
from https, then security won't be a problem, as the https window will
always be https.

You just need to get the URL for each window to come from the
appropriate URL.

 

[Thomas 'PointedEars' Lahn]

Is it possible to have secured (SSL/HTTPS) and non-secured (HTTP)
content in the same page without breaking the security?

That depends on how you want to define security. Sure it is possible to
mix resource retrieved via the encrypted and the unencrypted version of
the protocol. Security is then compromised such that the connection
for resources retrieved via unencrypted HTTP is unencrypted, while the
connections for resources retrieved via HTTPS (HTTP over SSL/TLS) are
encrypted.

I am developing a secured reservation system in which the user can access
Google Maps (not secured). The map is embedded in the page and does not
open in a separate window.

What solution do you recommend? Use iframes? If so, how?

You are off topic here. (It is irrelevant for your concerns that Google
Maps uses XML HTTP requests triggered by client-side scripting.)


PointedEars