Re: Secure iFrames

[Tim Brown <tmb () 65535 com>]

On Tuesday 04 November 2014 01:43:45 Dave Pyper wrote:
> From a high-level, your design should start with the HTTP-served index.html
> page that redirects to an HTTPS-served index2.html that calls the remote
> HTTPS-served iFrame-embedded page(s). There are details that will be
> specific to your implementation, like protocol restrictions on index
> (HTTP-only) and index2 (HTTPS-only) files, and so forth that I won't go
> into. But for the sake of old-school simplicity, that's the model I
> recommend and use.

So what happens if someone MiTMs the redirect>? If Telnet is no longer 
acceptable, why is HTTP?

Tim
-- 
Tim Brown
<mailto:tmb () 65535 com>

Attachment: signature.asc
Description: This is a digitally signed message part.