With all the trouble one can run into on the Internet, it is always a good idea to have as secure of a connection as possible. But what do you do when your browser says a secure website is not fully secure? Today’s SuperUser Q&A post has the answer to a worried reader’s question.
由于互联网上会遇到很多麻烦,因此,拥有尽可能安全的连接始终是一个好主意。 但是,当您的浏览器显示安全网站不完全安全时,您该怎么办? 今天的《超级用户问答》帖子解答了一个担心的读者的问题。
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
今天的“问答”环节由SuperUser提供,它是Stack Exchange的一个分支,该社区是由社区驱动的Q&A网站分组。
问题 (The Question)
SuperUser reader David Starkey wants to know why his browser says a secure website is not fully secure:
超级用户读者David Starkey想知道为什么他的浏览器说一个安全的网站并不完全安全:
I was accessing Pandora via SSL and noticed a few icons by the URL. First is this exclamation point in a triangle, indicating the page is not fully secure.
我正在通过SSL访问Pandora,并注意到URL上有一些图标。 首先是三角形中的这个感叹号,指示页面不完全安全。
Next to it is a shield. This one says content that is not secure is blocked.
在它旁边是一个盾牌。 这说不安全的内容被阻止。
These statements, at least to me, seem to contradict each other. Can someone explain this to me? Is my connection secure or not? I accessed the Pandora website using Firefox 30.0 on Windows 7. I also have HTTPS Everywhere installed.
至少在我看来,这些说法似乎相互矛盾。 谁可以给我解释一下这个? 我的连接安全吗? 我在Windows 7上使用Firefox 30.0访问了Pandora网站。我还安装了HTTPS Everywhere 。
What is going on here? Is David’s connection to the Pandora website secure or not?
这里发生了什么? David与Pandora网站的连接是否安全?
答案 (The Answer)
SuperUser contributor redburn has the answer for us:
超级用户贡献者redburn为我们提供了答案:
This is called a “mixed content” page. From the Mozilla Developer Network (Mixed Content):
这称为“混合内容”页面。 来自Mozilla开发人员网络(混合内容) :
If the HTTPS page includes content retrieved through regular, cleartext HTTP, then the connection is only partially encrypted: the unencrypted content is accessible to sniffers and can be modified by man-in-the-middle attackers, and therefore the connection is not safeguarded anymore. When a webpage exhibits this behavior, it is called a mixed content page.
如果HTTPS页面包含通过常规明文HTTP检索的内容,则连接仅被部分加密:嗅探者可以访问未加密的内容,并且中间人攻击者可以修改未加密的内容,因此该连接不再受保护。 。 当网页显示此行为时,它称为混合内容页面。
The statements are not contradictory, but complementary, and a little confusing perhaps. The first says the page itself is not fully secure because it contains unencrypted elements (all web browsers will notify you of this), whereas the second notes that these elements have been automatically blocked by Firefox.
这些声明并不矛盾,而是相辅相成的,也许有些令人困惑。 第一个指出页面本身并不完全安全,因为它包含未加密的元素(所有网络浏览器都会通知您),而第二个指出这些元素已被Firefox自动阻止。
If Firefox did not block the unencrypted elements, then strictly speaking, the page would not be secure.
如果Firefox没有阻止未加密的元素,那么严格来说,该页面将是不安全的。
HTTPS Everywhere does not guarantee a secure connection. It will only try to force HTTPS whenever it is available; if it is not, then there is nothing a user or browser can do about it outside of blocking the unsecure content.
HTTPS Everywhere不保证安全连接。 它将仅在可用时尝试强制使用HTTPS。 如果不是,那么除了阻止不安全的内容之外,用户或浏览器对此无能为力。
Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.
有什么补充说明吗? 在评论中听起来不错。 是否想从其他精通Stack Exchange的用户那里获得更多答案? 在此处查看完整的讨论线程 。
翻译自: https://www.howtogeek.com/192921/why-does-my-browser-say-a-secure-website-is-not-fully-secure/
6491
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
