You cannot and must not show that your page is secure, because it is not. The problem is that your page is vulnerable to a man-in-the-middle attack: there is no guarantee that the text of your web page or of the javascript files that it is using was not altered by someone while it was transmitted from the server to your client.
E.g. someone may implement a script that submits the copy of sensitive data to some other server, before submitting it through https to your server. The only way to claim that your page is secure is to serve it through https. 2008/2/1, Dave <[EMAIL PROTECTED]>: > if a form may contain personal data, it should be summitted using https. > Also we need to let user know it is secure by showing a lock and https://.... > in browser address bar. > > sometimes The IE browser shows a warning: the page contains both secure and > nonsecure data. what is the meaning? how to avoid the warning? > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]