GeekPolice Tech TutorialsLog in

 


Share

descriptionBrowser Warning Icon on Insecure Web Forms  EmptyBrowser Warning Icon on Insecure Web Forms

more_horiz
Browser Warning Icon on Insecure Web Forms
Google and Mozilla have released their helpful and hurtful (for developers) upgrades. These upgrades are to improve the overall security on the Internet...
You may have observed the following icon in Firefox:Browser Warning Icon on Insecure Web Forms  F0ce1aa53a844280bca54bab521e2414

How about this icon saying "Not Secure" in Chrome:Browser Warning Icon on Insecure Web Forms  45809c0ca0a24280bdd9d3b426b92509
Chrome 56 and Firefox 51 will be displaying a message in the address bar that a page is insecure if it has password or personally identifiable information fields (such as credit card). If you have not seen these updates, then check for updates in your Web Browser(s) (usually accomplished by pressing options > Help > About {browser name}).

Please note: There are other security updates in this browser update for each browser; therefore, avoiding the upgrade is not a good idea, because it will leave you vulnerable.

In case anyone (even I did) gets any ideas to place a password or personal info field on a HTTP page and allow it to be submitted over a secure (HTTPS) connection. However, this is, in practice, unsafe, as hackers and eavesdroppers can track the information sent into the request and obtain the information anyway.

Apparently, this is only the beginning of what's planned. Eventually, both browsers will display a "Not Secure" message beside/adjacent password fields and other fields that should be secured to protect private information. In addition, Mozilla will plan to use the padlock with red line through it for every HTTP page, and Google will include Not Secure message in the address bar for every HTTP page as well.

Mozilla wrote:
Firefox will display a lock icon with red strike-through red strikethrough icon in the address bar when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password it could be stolen by eavesdroppers and attackers.

Noted on their help page here

How do you remove this message from your website's pages? Mozilla says, "In order to host content over HTTPS, you need a TLS Certificate from a Certificate Authority. Let’s Encrypt is a Certificate Authority that can issue you free certificates."




OTHER REFERENCE NOTES:
Browser Warning Icon on Insecure Web Forms  L1VU0pNtX3SttI8E4FkpQtjm0wC0x_rlFWGSoTa3X2T_aVBETBx2QZr6udH3Zs7mEZR4ZFfTpLU1eDBonccHZTVTQAWUK21_LNbjDjg36HUkNSLN4bwhSrQYiccmIKb4VkE5WKS2

Google has published this guide:

Google wrote:
HTTPS is easier and cheaper than ever before , and enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. Check out our set-up guides to get started.


Please discuss this below to let us know what techniques you are using to improve your own site, or let us know your thoughts on this endeavor by these big two browsers.

descriptionBrowser Warning Icon on Insecure Web Forms  EmptyRe: Browser Warning Icon on Insecure Web Forms

more_horiz
I dont gotta worry cuz I use Opera c:
Permissions in this forum:
You cannot reply to topics in this forum