Page 1 of 2 12 LastLast
Results 1 to 20 of 25

Thread: Not secure connection

  1. #1

    Default Not secure connection

    Hi. I'm trying to order VBAlinksDirectory. But there is a problem: In Chrome - there is an information that connection is not secure. See paypal.jpg image. Connection should be like on paypal_2.jpg image. What's wrong?

    Attachment 6418

    Attachment 6419

  2. #2
    Join Date
    Mar 2004
    Location
    A galaxy far, far away...
    Posts
    6,609

    Default

    Quote Originally Posted by waldvb View Post
    ... What's wrong? ...
    Both of those screen shots seem to be directly from PayPal's site; it might be best to ask them.

    If I *had* to guess, though, it would be that the vBa logo being shown on the screen is being served from a non-SSL enabled URL.

  3. #3

    Default

    Quote Originally Posted by KW802 View Post
    Both of those screen shots seem to be directly from PayPal's site; it might be best to ask them.

    If I *had* to guess, though, it would be that the vBa logo being shown on the screen is being served from a non-SSL enabled URL.
    I will not guess connection is secure or not. PayPal says - don't use suspicion links.

    I want to buy this script. Let me know how?

  4. #4
    Join Date
    Mar 2004
    Location
    A galaxy far, far away...
    Posts
    6,609

    Default

    Quote Originally Posted by waldvb View Post
    I will not guess connection is secure or not. PayPal says - don't use suspicion links.

    I want to buy this script. Let me know how?
    I just went through the check out using the current version of Chrome; my answer above is no longer a guess and is the correct answer.

    When getting to the screen above click on the lock icon in Chrome. You will a drop-box box explaining that you are connected via SSL but some elements of the screen are not using SSL. Right-click on the vBadvanced logo and then Inspect Element. You will see that the vBadvanced logo image is being served via "HTTP" instead of "HTTPS" like the rest of the elements on the page.

    Because it is an HTTPS URL being used but some elements on it are being displayed via HTTP then Chrome shows the lock icon image like that to show that not everything on the page is being served via SSL.

  5. #5
    Join Date
    Sep 2007
    Posts
    1,694

    Default

    Um, Kevin I think there is something going on here. I checked earlier and found the connection secure. I went back in Waterfox to get a screenshot and got warnings of the unencrypted content making the connection unsafe.

    Then went to check in Opera and got a PayPAl error message ---- can't connect try again later.

    Went back in using Opera and that now throws an insecure connection DO Not Proceed warning.

  6. #6

    Default

    Quote Originally Posted by KW802 View Post
    I just went through the check out using the current version of Chrome; my answer above is no longer a guess and is the correct answer.

    When getting to the screen above click on the lock icon in Chrome. You will a drop-box box explaining that you are connected via SSL but some elements of the screen are not using SSL. Right-click on the vBadvanced logo and then Inspect Element. You will see that the vBadvanced logo image is being served via "HTTP" instead of "HTTPS" like the rest of the elements on the page.

    Because it is an HTTPS URL being used but some elements on it are being displayed via HTTP then Chrome shows the lock icon image like that to show that not everything on the page is being served via SSL.
    It also says:

    "Your connection to Website is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page"

    So - I'm out - for now.

  7. #7
    Join Date
    Mar 2004
    Location
    A galaxy far, far away...
    Posts
    6,609

    Default

    Just tried again and I don't get an error from any of the below (except for the different lock icon in Chrome) on Windows 7....

    Chrome 17.0
    FireFox 11.0
    Interner Explorer (64-bit) 9.0

  8. #8
    Join Date
    Mar 2004
    Location
    A galaxy far, far away...
    Posts
    6,609

    Default

    Quote Originally Posted by waldvb View Post
    It also says:

    "Your connection to Website is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page"
    Yes, that "resource" is the vBa logo displayed at the top of the screen.

  9. #9
    Join Date
    Sep 2007
    Posts
    1,694

    Default

    Opera screenshot

  10. #10
    Join Date
    Mar 2004
    Location
    A galaxy far, far away...
    Posts
    6,609

    Default

    Quote Originally Posted by CareyCrew View Post
    Opera screenshot
    Same answer as above; it is serving mixed content.

  11. #11
    Join Date
    Sep 2007
    Posts
    1,694

    Default

    So remove the logo and all will be fixed .........

  12. #12

    Default

    Quote Originally Posted by KW802 View Post
    Same answer as above; it is serving mixed content.
    Make this connection 100% secure - not 99 % secure - no mixed content. Nobody will use 99% secure connection !!!!!!!! Will you log into your bank account with 99% secure connection? I don't think so.

  13. #13
    Join Date
    Mar 2004
    Location
    A galaxy far, far away...
    Posts
    6,609

    Default

    Quote Originally Posted by CareyCrew View Post
    So remove the logo and all will be fixed .........
    ... or have Brian throw up a SSL cert on his dedicated server so he can serve it via SSL. I *thought* (big emphasis on thought) that between him & Zachery that they did a self-signed cert some time ago on the server but that doesn't seem to be the case at the moment (going to https://www.vbadvanced.com in any browser is throwing an error for me).

    Either way I'll bring this thread to their attention in the Staff Forum for them to take a look at it.

  14. #14
    Join Date
    Mar 2004
    Location
    A galaxy far, far away...
    Posts
    6,609

    Default

    Quote Originally Posted by waldvb View Post
    Make this connection 100% secure - not 99 % secure - no mixed content. Nobody will use 99% secure connection !!!!!!!! Will you log into your bank account with 99% secure connection? I don't think so.
    You will find mixed content sites all over the internet. Heck, even Tweetdeck (https://web.tweetdeck.com) owned by Twitter is showing mixed content and has the same icon & message as what you're seeing with PayPal.

    With PayPal it is a matter of trust... do you trust the "PayPal.com" domain? If the answer is yes then proceed as normal. If the answer is no then submit a private Support Ticket and you can arrange alternate payment information with Brian directly.

  15. #15

    Default

    Quote Originally Posted by KW802 View Post
    You will find mixed content sites all over the internet. Heck, even Tweetdeck (https://web.tweetdeck.com) owned by Twitter is showing mixed content and has the same icon & message as what you're seeing with PayPal.

    With PayPal it is a matter of trust... do you trust the "PayPal.com" domain? If the answer is yes then proceed as normal. If the answer is no then submit a private Support Ticket and you can arrange alternate payment information with Brian directly.
    I don't use 99% secure connections. Never. Remember: "This page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page."

    Doesn't matter I trust Paypal.com or not. The connection is insecure.

  16. #16
    Join Date
    Mar 2004
    Location
    A galaxy far, far away...
    Posts
    6,609

    Default

    Quote Originally Posted by waldvb View Post
    I don't use 99% secure connections. Never. Remember: "This page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page."

    Doesn't matter I trust Paypal.com or not. The connection is insecure.
    The connection to PayPal.com is quite secure; the connection to the logo displayed on the page is not. There is no other way I can explain that.

    As mentioned above, if you submit a private Support Ticket you can arrange with Brian directly an alternate manual payment method in the interim while the matter with displaying the logo on the PayPal page is resolved.

  17. #17

    Default

    Quote Originally Posted by KW802 View Post
    The connection to PayPal.com is quite secure; the connection to the logo displayed on the page is not. There is no other way I can explain that.

    As mentioned above, if you submit a private Support Ticket you can arrange with Brian directly an alternate manual payment method in the interim while the matter with displaying the logo on the PayPal page is resolved.
    You don't understand. Connection is insecure because of this logo. Logo is displayed on the PayPal page without SSL - no https://
    http://www.vbadvanced.com/forum/imag..._logo_grey.gif

    And once again:
    "These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page."

    This is why this connection is insecure.

    Thank for your time.

  18. #18
    Join Date
    Mar 2004
    Location
    A galaxy far, far away...
    Posts
    6,609

    Default

    Quote Originally Posted by waldvb View Post
    You don't understand. Connection is insecure because of this logo. Logo is displayed on the PayPal page without SSL - no https://
    http://www.vbadvanced.com/forum/imag..._logo_grey.gif
    Have you read any of my response above?

  19. #19

    Default

    Quote Originally Posted by KW802 View Post
    Have you read any of my response above?
    Yes I did. But you're still saying - connection is secure - I'm saying - connection is insecure. We both agree - the logo is the problem.

  20. #20
    Join Date
    Mar 2004
    Location
    A galaxy far, far away...
    Posts
    6,609

    Default

    Quote Originally Posted by waldvb View Post
    Yes I did. But you're still saying - connection is secure - I'm saying - connection is insecure. We both agree - the logo is the problem.
    The connection to PayPal.com is secure. Displaying the graphic from vbadvanced.com over HTTP does not change that fact.

    When you connect to a web page your browser is making several connections at once. The primary connection is the URL that you see in the browser bar. That connection is serving the HTML page that is being displayed. Within that HTML page it might be displaying elements, such as graphics for a logo, from a completely different URL. You don't see that URL in your browser bar but you will see it if you view the source of the page. When that graphic is being displayed your browser is making a different connection in order to retrieve & display the graphic. That connection is not shared with the primary connection that is shown in the browser bar to display the HTML page. There is no communications going on from that image to PayPal, it is only being served (displayed) within your browser.

    In the case of the PayPal page shown above (or web.tweetdeck.com if you are logged in) that means the connection to PayPal.com is secure but within the browser window that is being served by the secure connection to your PC there other connections going on displaying non-secure things such as the graphic. Since your browser primary connection is the PayPal page, which is secure, it is giving you an alert that even though the page your are viewing is being served securely that some elements that are being displayed within it or not.

    Now since we know PaPal.com is being served over SSL (https) then any possible security risks are what isn't. In this case only one thing within the HTML page is not, the image from the vbadvanced.com URL. If you viewed the source and saw a connection to a URL that you have never seen before and have no idea what it is, then, yes, there would be a reason for concern since it would mean that something on the PayPal page might have been compromised. Or if you saw something that seems unusual, such as an image being displayed but with variables being passed into it in the URL, then that also would be a concern since it means somebody is serving executable code on their server using an extension usually used for images. None of that though is going on. The only thing there is a single image from vbadvanced.com that is a dedicated server and is locked down. Everything else on the page is being served by PayPal through its secure connection.

    Going forward I've already posted in the vBa staff forum to bring this topic to the attention of the owner of vBa, Brian, and his primary server tech person, Zachery. They will work on a resolution in case there is ever another situation such as this (to my knowledge, it is the first report of anybody being concerned about it). In the interim if you think the single image from vBadvanced.com is suspicious then submit the support ticket so that an alternate manual payment can be worked out.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Keeping modules folder secure
    By JamboGal in forum "How Do I..." Questions
    Replies: 1
    Last Post: 10-30-2006, 12:49 PM
  2. modules : last programs for Secure Downloads
    By aleppos in forum Add-On Modules & Modifications
    Replies: 1
    Last Post: 12-28-2005, 11:50 PM
  3. Secure files
    By rforaker in forum Chit Chat
    Replies: 2
    Last Post: 07-30-2005, 04:10 PM
  4. [req] module for Secure Downloads 2.0.1 (latest downloads)
    By alfata in forum Add-On Modules & Modifications
    Replies: 0
    Last Post: 01-25-2005, 11:00 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •