[HTTPS-Everywhere] Overriding warning about insecure form submission
Kristen Eisenberg
kristen.eisenberg at yahoo.com
Mon Oct 31 03:50:50 PDT 2011
A small number of sites have hardcoded form submission targets to
use HTTP URLs, which generates a warning that
Although this page is encrypted, the information you have entered is
to be sent over an unencrypted connection and could easily be read by
a third party.
Two current examples are
https://pay.reddit.com/
(enter something in the "search Reddit" box) and
https://www.abebooks.com/
(enter an author and click "Find Book").
Some, but not all, of the search boxes on EFF's own site had the same
problem until recently, but that's been fixed. I'm still planning to
try to get these other sites to fix it. But the interesting thing is
that, in each of these cases, HTTPS Everywhere successfully rewrites
the form submission URL and submits the form securely. So the warning
is actually wrong: the information is not going to be sent over an
unencrypted connection.
Kristen Eisenberg
Billige Flüge
Marketing GmbH
Emanuelstr. 3,
10317 Berlin
Deutschland
Telefon: +49 (33)
5310967
Email:
utebachmeier at
gmail.com
Site:
http://flug.airego.de
- Billige Flüge vergleichen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20111031/7591f028/attachment.html>
More information about the HTTPS-everywhere
mailing list