1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

force certain sites to use https?

Discussion in 'Internet Explorer' started by james, Jun 7, 2010.

  1. james

    james Flightless Bird

    Some sites with login should use https but is optional (I guess to save CPU
    time).

    Is there a way to automatically force IE8 into https whenever I'm on that
    site?

    I know firefox has an extension that does this, but since I use both
    browsers, I need IE8 to do this as well.
     
  2. VanguardLH

    VanguardLH Flightless Bird

    james wrote:

    > Some sites with login should use https but is optional (I guess to save CPU
    > time).
    >
    > Is there a way to automatically force IE8 into https whenever I'm on that
    > site?
    >
    > I know firefox has an extension that does this, but since I use both
    > browsers, I need IE8 to do this as well.


    You cannot force a server to handshake for a protocol it does not
    support despite any extension you may install in the client.

    That the login web page delivered to you is unsecured is unimportant.
    That content doesn't need to be secured since nothing delivered to you
    is sensitive. It is the login credentials that you send back to the
    server that needs to be secured. If the web form data is sent to a
    secured page then the handshaking needs to be performed for the secured
    channel before the data can be sent. So you have to see to where the
    web form data gets sent. The web page YOU get doesn't need to be
    secured because it has no login data. The web page to where you *send*
    your login credentials is what needs to be secured to protect your data.

    As an example, the login page to Windows Live Hotmail is not secured
    because none of the login credentials were delivered to you, just the
    web form where you enter those login credentials. When you submit that
    form data, it goes to a secure page. The secured connection must be
    established before your login credentials get sent so they are
    protected.

    Without knowing what login page you are asking about, no one knows how
    the login credentials are transferred. Look at the code for the login
    web page to see to where the form data gets submitted. Bet it's an
    http:// web page.
     
  3. Jeff Strickland

    Jeff Strickland Flightless Bird

    "james" <nospam@nospam.com> wrote in message
    news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
    > Some sites with login should use https but is optional (I guess to save
    > CPU time).
    >
    > Is there a way to automatically force IE8 into https whenever I'm on that
    > site?
    >
    > I know firefox has an extension that does this, but since I use both
    > browsers, I need IE8 to do this as well.



    HTTPS is controlled by the server you are visiting, not the machine that you
    are using.
     
  4. Rob

    Rob Flightless Bird

    Jeff Strickland <crwlrjeff@yahoo.com> wrote:
    >
    > "james" <nospam@nospam.com> wrote in message
    > news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
    >> Some sites with login should use https but is optional (I guess to save
    >> CPU time).
    >>
    >> Is there a way to automatically force IE8 into https whenever I'm on that
    >> site?
    >>
    >> I know firefox has an extension that does this, but since I use both
    >> browsers, I need IE8 to do this as well.

    >
    >
    > HTTPS is controlled by the server you are visiting, not the machine that you
    > are using.


    This is of course incorrect. The use of HTTPS is determined by the URL,
    hence by the user.

    When you want some extension that (for certain sites) allows a
    https://sitename URL and not the http://sitename URL, you may be able
    to avoind insecure connections to sites that offer both options.
     
  5. Jeff Strickland

    Jeff Strickland Flightless Bird

    "Rob" <nomail@example.com> wrote in message
    news:slrni0q5t0.vk4.nomail@xs8.xs4all.nl...
    > Jeff Strickland <crwlrjeff@yahoo.com> wrote:
    >>
    >> "james" <nospam@nospam.com> wrote in message
    >> news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
    >>> Some sites with login should use https but is optional (I guess to save
    >>> CPU time).
    >>>
    >>> Is there a way to automatically force IE8 into https whenever I'm on
    >>> that
    >>> site?
    >>>
    >>> I know firefox has an extension that does this, but since I use both
    >>> browsers, I need IE8 to do this as well.

    >>
    >>
    >> HTTPS is controlled by the server you are visiting, not the machine that
    >> you
    >> are using.

    >
    > This is of course incorrect. The use of HTTPS is determined by the URL,
    > hence by the user.
    >
    > When you want some extension that (for certain sites) allows a
    > https://sitename URL and not the http://sitename URL, you may be able
    > to avoind insecure connections to sites that offer both options.


    But the secure or insecure -- unsecure -- sites are dictated by the site,
    not the address one uses. Just because I go to https://website.com does not
    mean I will go to a secure site if it is not available. That is, if the
    server at the address I input is not secured, it does not matter that I
    typed in a secure address.

    The vast majority of people that get to secure sites get there through a
    re-direct of some sort. For example, you are at Amazon.com and have selected
    a couple of books and want to check out. When you click on Checkout, you are
    redirected to a secure Amazon site where your information is encrypted so
    your credit card is not revealed to hackers and other scoundrels.

    Why else would a site go secure? Surely they would not secure the pages of
    inventory they offer for sale, or the news articles they want you to read.
     
  6. Jeff Strickland

    Jeff Strickland Flightless Bird

    "Rob" <nomail@example.com> wrote in message
    news:slrni0q5t0.vk4.nomail@xs8.xs4all.nl...
    > Jeff Strickland <crwlrjeff@yahoo.com> wrote:
    >>
    >> "james" <nospam@nospam.com> wrote in message
    >> news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
    >>> Some sites with login should use https but is optional (I guess to save
    >>> CPU time).
    >>>
    >>> Is there a way to automatically force IE8 into https whenever I'm on
    >>> that
    >>> site?
    >>>
    >>> I know firefox has an extension that does this, but since I use both
    >>> browsers, I need IE8 to do this as well.

    >>
    >>
    >> HTTPS is controlled by the server you are visiting, not the machine that
    >> you
    >> are using.

    >
    > This is of course incorrect. The use of HTTPS is determined by the URL,
    > hence by the user.
    >
    > When you want some extension that (for certain sites) allows a
    > https://sitename URL and not the http://sitename URL, you may be able
    > to avoind insecure connections to sites that offer both options.



    And, I couldn't help but notice that you ignored the OP and didn't even
    begin to address his concerns.
     
  7. VanguardLH

    VanguardLH Flightless Bird

    Rob wrote:

    > Jeff Strickland <crwlrjeff@yahoo.com> wrote:
    >>
    >> james wrote ...
    >>
    >>> Some sites with login should use https but is optional (I guess to
    >>> save CPU time). Is there a way to automatically force IE8 into
    >>> https whenever I'm on that site? I know firefox has an extension
    >>> that does this, but since I use both browsers, I need IE8 to do
    >>> this as well.

    >>
    >> HTTPS is controlled by the server you are visiting, not the machine that you
    >> are using.

    >
    > This is of course incorrect. The use of HTTPS is determined by the URL,
    > hence by the user.


    Bwaahaahaahaa. Thanks for the giggles. URLs are nothing but text
    strings. Something has to use them. Yes, your client uses the URL
    along with a DNS server (if not using IP addresses) to find the target
    host. Whether or not your client can establish an SSL connect depends
    entirely on the server. You don't get a choice. If they don't have SSL
    support, you putting https: in your client's address bar won't magically
    make the server establish an SSL connect.

    Connecting to a web page using http: does not specify whether the form
    data that gets submitted is non-secure or secure. You have to look at
    the HTML code for where the form data gets submitted. If it gets
    submitted to an https: site then the secure connection has to be
    established before sending your login credentials. So it is entirely
    possible that you web page that gets delivered to you (which doesn't
    have to be secure because there isn't any sensitive data yet in it) uses
    http: whereas your login credentials entered in a form get submitted
    using https: so it is secure.

    Users were initially trained to expect a padlock icon to let them know
    that their submitted data was secured. That lack of the padlock means
    many users believe that the form data is not secured in its
    transmission. It's a crutch that misrepresents how the data may be
    secured or not. You have to see TO where your data gets submitted, not
    FROM where you get the web page where you fill out its fields. It's
    entirely possible that you get a page via https: but the data gets
    submitted via http: so what you thought was secure really wasn't.
     
  8. Rob

    Rob Flightless Bird

    VanguardLH <V@nguard.LH> wrote:
    > Rob wrote:
    >
    >> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
    >>>
    >>> james wrote ...
    >>>
    >>>> Some sites with login should use https but is optional (I guess to
    >>>> save CPU time). Is there a way to automatically force IE8 into
    >>>> https whenever I'm on that site? I know firefox has an extension
    >>>> that does this, but since I use both browsers, I need IE8 to do
    >>>> this as well.
    >>>
    >>> HTTPS is controlled by the server you are visiting, not the machine that you
    >>> are using.

    >>
    >> This is of course incorrect. The use of HTTPS is determined by the URL,
    >> hence by the user.

    >
    > Bwaahaahaahaa. Thanks for the giggles. URLs are nothing but text
    > strings. Something has to use them. Yes, your client uses the URL
    > along with a DNS server (if not using IP addresses) to find the target
    > host. Whether or not your client can establish an SSL connect depends
    > entirely on the server. You don't get a choice. If they don't have SSL
    > support, you putting https: in your client's address bar won't magically
    > make the server establish an SSL connect.


    You did not get it.

    When the server allows the choice between http and https, the URL
    and thus the user determines what you get.
    The user may want to avoid mistakenly using http instead of https.

    That is what the OP was asking about.
     
  9. Rob

    Rob Flightless Bird

    Jeff Strickland <crwlrjeff@yahoo.com> wrote:
    >
    > "Rob" <nomail@example.com> wrote in message
    > news:slrni0q5t0.vk4.nomail@xs8.xs4all.nl...
    >> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
    >>>
    >>> "james" <nospam@nospam.com> wrote in message
    >>> news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
    >>>> Some sites with login should use https but is optional (I guess to save
    >>>> CPU time).
    >>>>
    >>>> Is there a way to automatically force IE8 into https whenever I'm on
    >>>> that
    >>>> site?
    >>>>
    >>>> I know firefox has an extension that does this, but since I use both
    >>>> browsers, I need IE8 to do this as well.
    >>>
    >>>
    >>> HTTPS is controlled by the server you are visiting, not the machine that
    >>> you
    >>> are using.

    >>
    >> This is of course incorrect. The use of HTTPS is determined by the URL,
    >> hence by the user.
    >>
    >> When you want some extension that (for certain sites) allows a
    >> https://sitename URL and not the http://sitename URL, you may be able
    >> to avoind insecure connections to sites that offer both options.

    >
    >
    > And, I couldn't help but notice that you ignored the OP and didn't even
    > begin to address his concerns.


    I think you just don't understand what the OP is looking for.

    E.g. a way to remind him to use https instead of http with gmail,
    where it is optional to use either one.
     
  10. Rob

    Rob Flightless Bird

    Jeff Strickland <crwlrjeff@yahoo.com> wrote:
    >
    > "Rob" <nomail@example.com> wrote in message
    > news:slrni0q5t0.vk4.nomail@xs8.xs4all.nl...
    >> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
    >>>
    >>> "james" <nospam@nospam.com> wrote in message
    >>> news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
    >>>> Some sites with login should use https but is optional (I guess to save
    >>>> CPU time).
    >>>>
    >>>> Is there a way to automatically force IE8 into https whenever I'm on
    >>>> that
    >>>> site?
    >>>>
    >>>> I know firefox has an extension that does this, but since I use both
    >>>> browsers, I need IE8 to do this as well.
    >>>
    >>>
    >>> HTTPS is controlled by the server you are visiting, not the machine that
    >>> you
    >>> are using.

    >>
    >> This is of course incorrect. The use of HTTPS is determined by the URL,
    >> hence by the user.
    >>
    >> When you want some extension that (for certain sites) allows a
    >> https://sitename URL and not the http://sitename URL, you may be able
    >> to avoind insecure connections to sites that offer both options.

    >
    > But the secure or insecure -- unsecure -- sites are dictated by the site,
    > not the address one uses. Just because I go to https://website.com does not
    > mean I will go to a secure site if it is not available. That is, if the
    > server at the address I input is not secured, it does not matter that I
    > typed in a secure address.


    The user did not talk about a site where https is not available.
    He talked about a site where https is optional.

    Better read the question througly next time before you start to
    belittle others, Jeff!
     
  11. james

    james Flightless Bird

    >
    > Without knowing what login page you are asking about, no one knows how
    > the login credentials are transferred. Look at the code for the login
    > web page to see to where the form data gets submitted. Bet it's an
    > http:// web page.


    One such site is http://hammertap.auctionstealer.com/secure/login.cfm which
    is an ebay sniping service
    If I change the above URL to start with https, the username and password may
    still be sent in clear text?

    How do I see where the form is submitted, I right click and "view source",
    then what do I look for?
     
  12. VanguardLH

    VanguardLH Flightless Bird

    james wrote:

    > http://hammertap.auctionstealer.com/secure/login.cfm
    > https://hammertap.auctionstealer.com/secure/login.cfm


    The *server* does accept SSL connects to this web page when either the
    http: or https: protocol is specified. Normally when this is true (or
    whenever a non-secure and secure version of the login page [as
    delivered] is available), they provide a link to toggle between using
    http: or https: but I didn't see one here.

    Actually I'm wondering why you even started this discussion. The
    "Login" links on their home page go to the https: page so you should
    have seen a padlock to "imply" that the data entered there and sent back
    would be secure.

    A secure login page when being delivered to you doesn't have your login
    credentials. Having the padlock icon appear merely gives users a fuzzy
    warm feeling of being protected. It is when you SEND your login
    credentials that you want them to be secure, and that depends on WHERE
    that page's form data gets submitted.

    The form used in that login page has an action="login.cfm" attribute
    (instead of using submit=<href> where <href> is to where the form data
    gets sent, and would have to be an https: page for it to be secured). I
    suspect they use the script to validate that you entered strings for the
    username and password that comply with their requirements for those type
    of values. The "Login" button is an input control with submit=Login.cfm
    which is another server-side script. I didn't bother wasting more time
    for the reason listed below on investigating just what these scripts
    might do (but to have your login credentials sent securely means
    eventually those scripts would have to send the values entered in that
    web page to an https: page). You could always ask the web site owner or
    designer as to how they secure the transmission of your login
    credentials.

    Personally I would like to see eBay ban all sniping sites or users that
    are using sniping software. It fucks up the whole concept of an
    *auction*. From what they've told me, using "Best Offer" is the only
    means of killing off the automated snipers. By using "Buy It Now" along
    with "Best Offer", the user could immediately buy the item (no sniping
    required or even relevant) but those wanting to bid for a lower price
    would have to get permission from the seller (unless the seller
    specifies a max bid offer above which a bid is automatically accepted).
     
  13. VanguardLH

    VanguardLH Flightless Bird

    Rob wrote:

    > You did not get it.
    >
    > When the server allows the choice between http and https, the URL
    > and thus the user determines what you get.
    > The user may want to avoid mistakenly using http instead of https.
    >
    > That is what the OP was asking about.


    Oh, I got it. You didn't. Doesn't matter whether http or https is used
    to load the initial web page (whether intentionally or accidentally).
    What matters is to WHERE that form data gets sent. You getting the
    login page doesn't need to be secured. It doesn't have any login
    credentials in it yet. You typing in your login credentials in a web
    page rendered in a local web browsing client on your local host doesn't
    need to be secured because nothing of that web page's data has yet been
    sent anywhere. It's when you SEND that data that you want it secured so
    it depends on WHERE you send that data.
     
  14. Rob

    Rob Flightless Bird

    VanguardLH <V@nguard.LH> wrote:
    > Rob wrote:
    >
    >> You did not get it.
    >>
    >> When the server allows the choice between http and https, the URL
    >> and thus the user determines what you get.
    >> The user may want to avoid mistakenly using http instead of https.
    >>
    >> That is what the OP was asking about.

    >
    > Oh, I got it. You didn't. Doesn't matter whether http or https is used
    > to load the initial web page (whether intentionally or accidentally).
    > What matters is to WHERE that form data gets sent. You getting the
    > login page doesn't need to be secured. It doesn't have any login
    > credentials in it yet. You typing in your login credentials in a web
    > page rendered in a local web browsing client on your local host doesn't
    > need to be secured because nothing of that web page's data has yet been
    > sent anywhere. It's when you SEND that data that you want it secured so
    > it depends on WHERE you send that data.


    When you study the page at the URL he has provided, you will see that
    when the page is fetched using http, the login data will be posted using
    http, not https. So what you write above is irrelevant.

    But in the generic case it is not valid either. Many login pages will
    "remember" the username using a cookie. The request for the login page
    sends some cookie, and the returned login page has a default value for
    the username. When the login page is not a https page, the cookie and
    the returned username will be sent in the clear. You may not want that
    to happen.
     
  15. VanguardLH

    VanguardLH Flightless Bird

    Rob wrote:

    > When you study the page at the URL he has provided, you will see that
    > when the page is fetched using http,


    The fetched page doesn't need to be secured.

    > the login data will be posted using http, not https.


    And you know that how? The submit attribute on the input control runs
    a script. It would've been easier if it specified the target page of
    where to submit the values defined in the form but it doesn't.

    > So what you write above is irrelevant.


    You know what the login.cfm server-side script does? If so, please
    post a copy of that script here. THAT is what handles the values
    inputted into the form when the user clicks on the "Login" button. My
    guess is that it validates the username and password values (i.e.,
    checks syntax) and then submits the values to some site. Due to the
    nature of the web site, I wasn't interested in trying to yank a copy of
    the server-side login.cfm script to see what it does.

    Once you get the login.cfm script to know that *it* does with the form
    values, then you can tell the OP to just WHERE the form data gets sent.
    I saw no specified destination in the attributes for the <form> tag not
    in the <input> control with the submit attribute. I saw that it ran a
    script and that was as far as I was going to take it. I'm not
    interested in helping those that use services or software to snipe eBay
    auctions in the last 3 seconds and fuck up the real humans trying to
    submit bids there.
     
  16. Rob

    Rob Flightless Bird

    VanguardLH <V@nguard.LH> wrote:
    > Rob wrote:
    >
    >> When you study the page at the URL he has provided, you will see that
    >> when the page is fetched using http,

    >
    > The fetched page doesn't need to be secured.
    >
    >> the login data will be posted using http, not https.

    >
    > And you know that how? The submit attribute on the input control runs
    > a script. It would've been easier if it specified the target page of
    > where to submit the values defined in the form but it doesn't.
    >
    >> So what you write above is irrelevant.

    >
    > You know what the login.cfm server-side script does? If so, please
    > post a copy of that script here. THAT is what handles the values
    > inputted into the form when the user clicks on the "Login" button. My
    > guess is that it validates the username and password values (i.e.,
    > checks syntax)


    Probably that is what it does, but this is not relevant for the topic.
    The use of http/https only determines what goes on between the browser
    and the website, not what the website does with the posted information.
    On the server side, the information is decrypted and then processed.
    Any leaks on the server are not affected by the use of https.

    > and then submits the values to some site.


    I see no reason it submits the values to some other site.
    Why would it do that?

    >Due to the
    > nature of the web site, I wasn't interested in trying to yank a copy of
    > the server-side login.cfm script to see what it does.


    Even if you were interested, you would not be able to get a copy of
    a server-side script.

    > Once you get the login.cfm script to know that *it* does with the form
    > values, then you can tell the OP to just WHERE the form data gets sent.
    > I saw no specified destination in the attributes for the <form> tag not
    > in the <input> control with the submit attribute. I saw that it ran a
    > script and that was as far as I was going to take it. I'm not


    I have not seen evidence that the server-side script will forward the
    information somewhere else. It probably won't, it will do the validation
    and that's it.

    > interested in helping those that use services or software to snipe eBay
    > auctions in the last 3 seconds and fuck up the real humans trying to
    > submit bids there.


    That is a completely different topic unrelated to what is being discussed
    here.
     
  17. VanguardLH

    VanguardLH Flightless Bird

    Rob wrote:

    > VanguardLH wrote:
    >
    >> You know what the login.cfm server-side script does? If so, please
    >> post a copy of that script here. THAT is what handles the values
    >> inputted into the form when the user clicks on the "Login" button.
    >> My guess is that it validates the username and password values
    >> (i.e., checks syntax)

    >
    > Probably that is what it does, but this is not relevant for the
    > topic. The use of http/https only determines what goes on between the
    > browser and the website, not what the website does with the posted
    > information. On the server side, the information is decrypted and
    > then processed. Any leaks on the server are not affected by the use
    > of https.
    >
    >> and then submits the values to some site.

    >
    > I see no reason it submits the values to some other site. Why would
    > it do that?
    >
    >> Due to the nature of the web site, I wasn't interested in trying to
    >> yank a copy of the server-side login.cfm script to see what it does.

    >
    > Even if you were interested, you would not be able to get a copy of a
    > server-side script.
    >
    >> Once you get the login.cfm script to know that *it* does with the
    >> form values, then you can tell the OP to just WHERE the form data
    >> gets sent. I saw no specified destination in the attributes for the
    >> <form> tag not in the <input> control with the submit attribute. I
    >> saw that it ran a script and that was as far as I was going to take
    >> it. I'm not

    >
    > I have not seen evidence that the server-side script will forward the
    > information somewhere else. It probably won't, it will do the
    > validation and that's it.


    If you look at the HTML code, where in it does it specify to where the
    data gets sent? I saw no destination site specified (as in a URL for
    the form's data). It has to be in the script.

    <form action="login.cfm" method="post">

    The destination is specified by the action attribute.

    <input type="submit" value=" Login " tabindex="3">

    That's the submit button (with "<space>Login<space>" as its label).
    From http://www.w3schools.com/html/html_forms.asp:

    "When the user clicks on the "Submit" button, the content of the form is
    sent to the server. The form's action attribute defines the name of the
    file to send the content to. The file defined in the action attribute
    usually does something with the received input."

    The action attribute specifies the handler for the paired values from
    the form. I'm thinking that you might be right that since the login
    page used http: to get retrieved it that the posted data might also sent
    via http: because the reference to login.cfm is relative. It is not an
    absolute URI. If it had been "action=https://<somepath>/login.cfm" then
    the SSL connection would get made to get to that target so the data
    pairs sent there would be secured. I know that with Javascript which is
    delivered with the web page (via http) which runs local on your host
    using the web browser's interperter that it can send to an https target
    to have the data encrypted. I'm not familiar with what are .cfm scripts
    (Cold Fusion? And is that a script that's included with the download of
    the web page?). With Javascript included in the web page or along with
    it, the action attribute would call a function which would run locally
    in your web browser. This appears to be a separate script up on the
    server so a connection has to be made to it and over which the data gets
    sent. So it looks like the login credentials would get sent in the
    clear when the OP decided to use http instead of https to access that
    web page.

    Someone more expert in HTML coding might have to step in. I know that
    the form is used to compile a bunch of data pairs used to send them
    somewhere. The "where" is specified by the action attribute in the
    <form> tag. Here a script is specified but is it a local script
    (delivered with the web page) or up on the server? If a server-side
    script, its location is relative and that's where my expertise ends
    since I don't know if it is possible to deliver a page via http but have
    a relative path to a server-side script demand an SSL connection. It
    would've been easy to determine if the action's value had been
    http://<somepath>/login.cfm or https://<somepath>/login.cfm. If the
    relative path used to specify the action (destination) for the handler
    for the login credentials means they are sent unencrypted, the OP should
    contact the web owner to complain that they have a non-secure login
    page.

    There is a "Login" link on the left (different than the "Login" button)
    and it goes to a secure web page:

    href="https://hammertap.auctionstealer.com/secure/login.cfm">Login</a>

    If you start at the home page, the "Login" links there also go to the
    https target. The "Login" link shown in the left side on any of their
    pages goes to an https page. So I don't know why the OP is entering his
    own http URL in the address bar of his web browser. The links provided
    by the site do go to a secured web page. Whether using http or https,
    the URL points to the same page (i.e., the same path). So the *site*
    directs you to a secured connection to that page but the OP has chosen
    to use his own non-secured connection to that same page. Since the
    script doesn't appear to be local to the delivered web page, it would be
    a server-side script that would need to get the data pairs from the form
    and that would mean the login credentials would get sent in the clear.

    The OP should just use the login links provided by the site that use
    https instead of using his own fabricated URL that uses http. I suppose
    a site could reject an http connect to a web page used for login or
    perform a redirect to the same page but using https but that doesn't
    happen at this site.

    >> I'm interested in helping those that use services or software to snipe eBay
    >> auctions in the last 3 seconds and fuck up the real humans trying to
    >> submit bids there.

    >
    > That is a completely different topic unrelated to what is being discussed
    > here.


    It wasn't to address the issues that were on-topic in this thread. It
    mentioned why I chose not to continue assisting the OP. You thought it
    would be more appropriate to just say "I won't help you anymore" (which
    couldv'e been better addressed by specifying that it was the OP that I
    didn't want to help, not discuss further with you).
     
  18. Rob

    Rob Flightless Bird

    VanguardLH <V@nguard.LH> wrote:
    > If you look at the HTML code, where in it does it specify to where the
    > data gets sent? I saw no destination site specified (as in a URL for
    > the form's data). It has to be in the script.
    >
    > <form action="login.cfm" method="post">


    Apparently you don't know how forms work.
    That is OK, but I am not going to teach it to you.

    You will have to do with "the action parameter specifies the URL
    where the form data is sent".
     
  19. VanguardLH

    VanguardLH Flightless Bird

    Rob wrote:

    > VanguardLH <V@nguard.LH> wrote:
    >> If you look at the HTML code, where in it does it specify to where the
    >> data gets sent? I saw no destination site specified (as in a URL for
    >> the form's data). It has to be in the script.
    >>
    >> <form action="login.cfm" method="post">

    >
    > Apparently you don't know how forms work.
    > That is OK, but I am not going to teach it to you.
    >
    > You will have to do with "the action parameter specifies the URL
    > where the form data is sent".


    Yes, I see that after I did the research and pointed to the action
    attribute that now you miracuously claim that expertise.
     
  20. Jeff Strickland

    Jeff Strickland Flightless Bird

    "Rob" <nomail@example.com> wrote in message
    news:slrni0roo4.1qi.nomail@xs8.xs4all.nl...
    > Jeff Strickland <crwlrjeff@yahoo.com> wrote:
    >>
    >> "Rob" <nomail@example.com> wrote in message
    >> news:slrni0q5t0.vk4.nomail@xs8.xs4all.nl...
    >>> Jeff Strickland <crwlrjeff@yahoo.com> wrote:
    >>>>
    >>>> "james" <nospam@nospam.com> wrote in message
    >>>> news:u57jMvhBLHA.5808@TK2MSFTNGP02.phx.gbl...
    >>>>> Some sites with login should use https but is optional (I guess to
    >>>>> save
    >>>>> CPU time).
    >>>>>
    >>>>> Is there a way to automatically force IE8 into https whenever I'm on
    >>>>> that
    >>>>> site?
    >>>>>
    >>>>> I know firefox has an extension that does this, but since I use both
    >>>>> browsers, I need IE8 to do this as well.
    >>>>
    >>>>
    >>>> HTTPS is controlled by the server you are visiting, not the machine
    >>>> that
    >>>> you
    >>>> are using.
    >>>
    >>> This is of course incorrect. The use of HTTPS is determined by the URL,
    >>> hence by the user.
    >>>
    >>> When you want some extension that (for certain sites) allows a
    >>> https://sitename URL and not the http://sitename URL, you may be able
    >>> to avoind insecure connections to sites that offer both options.

    >>
    >>
    >> And, I couldn't help but notice that you ignored the OP and didn't even
    >> begin to address his concerns.

    >
    > I think you just don't understand what the OP is looking for.
    >
    > E.g. a way to remind him to use https instead of http with gmail,
    > where it is optional to use either one.


    He already KNOWS that. His question was to force IE8 to go to the HTTPS if
    there is one. IE8 does not know that there is an HTTPS until the server it
    finds tells it there is one, OR he knows there is one and tells IE8 in the
    first place.

    The existance of a secure server is not the purview of the client, it's a
    feature of the server. The user _might_ know there is a secure server, but
    there's no way that the browser will know this.

    I think it is you that don't know what the OP is asking, or what the answer
    is.
     

Share This Page