[Date Prev][Date Next][Thread Prev][][Date Index][Thread Index]

Re: New user observations



TSUCHIYA Masatoshi writes ("[emacs-w3m:08591] Re: New user observations"):
> >2) emacs-w3m seems to be a bit too inquisitive.  Is it really
> > necessary to ask "You are leaving secure page.  Continue? " every
> > time you leave a secure page?  Has anybody ever answered "n" to
> > that question?  If you're afraid that the user doesn't know whether
> > they are on a secure page or not, then I'd suggest displaying this
> > in a more obvious way then a few pixels being red on the menu bar.
 sounds a good idea, and I am going to consider it.

The above question is very important in my opinion and most browsers
ask it by default although it can often be turned off which is
probably a bad idea however. 

Assume you are submitting a form which was served to you via a secure
connection. The security of your form data does not depend on the
security of the page containing the form, but on the security of the
page you will POST it too, which do not have to be the same. The
above message will alert you of the case where the "Submit" button of
a form on a page served via SSL leads to an unencrypted page. It is
otherwise hard to tell that this happens without inspecting the page
source code. In general, it prevents you from leaving an encrypted
"session" by mistake. 

Best regards, Lukas