SSL和框架 [英] SSL and Frames

问题描述

我正在使用框架的网站上工作。一些属于

的主框架（不是标题（顶部）或内容（侧面））需要加密SSL

。我在使用SSL调用这些页面方面没有任何问题（在各自的框架内

）。但是，当框架（主要内容框架）显示一个

安全页面时，我希望

底部的''安全锁''存在。 />

我的预感是因为其他两个帧不是SSL（标题和

内容）是浏览器只显示部分安全（1个

3帧）窗口。因此，安全锁不存在???

单独的框架仍在使用HTTPS协议，只是没有获得一个

视觉效果，让用户感到特别框架感到舒服

安全..


任何人都知道如何在

特定帧内的HTTPS请求中显示安全锁？

PS ...我了解如何使用''用户控件''，并已在几个

网站上使用过。这个特定应用程序的配置文件在它编写的时候保证了这个架构。我感谢你的帮助，但是如果你的帮助只是说'不要使用框架......'。或使用用户控件

而不是......然后不要浪费你的时间来记录那些股票回应。我承诺因为必须加入这个帖子而感到抱歉（对于那些不值得的人来说，通知b $ b）。我刚刚在这个

新闻组中查看了几个关于框架的帖子，其中唯一的技术帮助是建议一个不同的
架构。虽然考虑将一个表格转储给另一个表格，但是考虑到应用程序的广度，

时间框架等，很多时候不可能这么多b $ b。如果你这样做，那么事实上，有一些信息将是有用的（除了倾倒架构而不是另一个）然后

我当然会很感激...谢谢（在任何帮助......

I''m working on a website that uses frames. Some of the pages that belong in
the ''main'' frame (not the header (top) or contents (side)) need to be SSL
encrypted. I have no problems in invoking these pages using SSL (within
their respective frame). However, I would like the ''security lock'' at the
bottom to be present when the frame (main content frame) is showing a
secured page.

My hunch is that because the other two frames are not SSL (header and
contents) is that the browser is showing only a partially secured (1 out of
3 frames) window. Therefore, the security lock is not present ??? The
individual frame is still using the HTTPS protocol, just not getting a
visual for the user to feel comfortable that the particular frame is
secured..

Anyone know how to get the security lock to show on HTTPS requests within a
particular frame ?
PS... I understand how to use ''user controls'' and have used on several
sites. The profile for this particular application at the time it was
written warranted this architecture. I appreciate your help, but if your
help is only to say "Don''t use frames..." or "Use user controls
instead..." then don''t waste your time keying those stock responses. I
apologize for having to put in this posting (for those that don''t deserve to
be informed). I have just reviewed serveral posts on frames within this
newsgroup where the only technical help was to suggest a different
architecture. While it is a consideration to dump one form for another,
many times it is not possible given the breadth of the application,
timeframes, etc. If you do, in fact, have some information that would be
helpful (other than dump the architecture in favor of a different one) then
I certainly would appreciate it... Thanks (in advance) for any help...

推荐答案

你的预感是正确的：当你只是
您的一个框架是安全的。去年我遇到了同样的问题。我的

建议（没有破坏你的框架架构;-)是在新窗口中运行

安全部件（没有工具栏但有状态栏）。那个

方式你的应用程序的安全部分也被认为是安全的，你没有

来重写你的网站的其余部分。


唯一的另一种选择是通知用户，他们在网站的一个安全的

部分并告诉他们如何检查（右键/设置/

在URL中检查https）


希望有所帮助

Jon


Jamie Dulaney ; < JD ****** @ softwareexperts.net> schrieb im Newsbeitrag

新闻：％2 ****************** @ TK2MSFTNGP10.phx.gbl ...

Your hunch is correct: you won''t get the browser to show the lock when only
one of your frames is secured. I had the same problem last year. My
suggestion (without trashing your frame-architecture ;-) is to run just the
secured part in a new window (without a toolbar but with a status bar). That
way the secure part of your app is also seen to be secure and you dont have
to rewrite the rest of your site.

The only other alternative is to inform the users, that they are in a secure
part of the site and tell them how to check that (right key / settings /
check for https in the URL)

Hope that helps
Jon

"Jamie Dulaney" <jd******@softwareexperts.net> schrieb im Newsbeitrag
news:%2******************@TK2MSFTNGP10.phx.gbl...

我正在使用框架的网站上工作。在''main''框架中属于
的一些页面（不是标题（顶部）或内容（侧面））需要进行SSL加密。我在使用SSL调用这些页面时没有任何问题（在各自的框架内）。但是，当框架（主要内容框架）显示一个
安全页面时，我希望
的安全锁在底部出现。

我的预感是因为其他两个帧不是SSL（标题和
内容）是浏览器只显示部分安全（1个
的3帧）窗口。因此，安全锁不存在???
个人框架仍在使用HTTPS协议，只是没有获得视觉，让用户感到舒适，特定的框架是安全的..

任何人知道如何在
a特定帧内的HTTPS请求中显示安全锁？

PS ...我理解如何使用''用户控件''并且已经使用了几个
网站。在撰写本文时，此特定应用程序的配置文件保证了此体系结构。我感谢你的帮助，但如果你的帮助只是说不要使用框架......或使用用户控件
而不是......然后不要浪费你的时间来记录那些股票回应。我不得不为这篇帖子道歉（对于那些不值得获得
的人来说）。我刚刚回顾了这个
新闻组中框架上的几个帖子，其中唯一的技术帮助是建议一个不同的架构。虽然考虑将一种形式转储给另一种形式，但考虑到应用程序的广度，时间框架等，很多时候都不可能这样做。如果你这样做，事实上，有一些信息是
很有帮助（除了转换架构以支持另一个）
然后我当然会很感激...感谢（提前）任何帮助...

I''m working on a website that uses frames. Some of the pages that belong in the ''main'' frame (not the header (top) or contents (side)) need to be SSL
encrypted. I have no problems in invoking these pages using SSL (within
their respective frame). However, I would like the ''security lock'' at the bottom to be present when the frame (main content frame) is showing a
secured page.

My hunch is that because the other two frames are not SSL (header and
contents) is that the browser is showing only a partially secured (1 out of 3 frames) window. Therefore, the security lock is not present ??? The
individual frame is still using the HTTPS protocol, just not getting a
visual for the user to feel comfortable that the particular frame is
secured..

Anyone know how to get the security lock to show on HTTPS requests within a particular frame ?
PS... I understand how to use ''user controls'' and have used on several
sites. The profile for this particular application at the time it was
written warranted this architecture. I appreciate your help, but if your
help is only to say "Don''t use frames..." or "Use user controls
instead..." then don''t waste your time keying those stock responses. I
apologize for having to put in this posting (for those that don''t deserve to be informed). I have just reviewed serveral posts on frames within this
newsgroup where the only technical help was to suggest a different
architecture. While it is a consideration to dump one form for another,
many times it is not possible given the breadth of the application,
timeframes, etc. If you do, in fact, have some information that would be
helpful (other than dump the architecture in favor of a different one) then I certainly would appreciate it... Thanks (in advance) for any help...

Hello Jamie，


感谢您在小组中发帖。


基于在描述上，问题是：现在你有一个框架页面，一些

框架在安全区域。但是，当活动帧是安全页面时，您希望显示

botton处的安全锁。另外，你不想b $ b想要改变帧结构。如果我已经误解了这个问题，请随时在这里发帖。


我同意Jon的意见。如果安全网页位于

框架内，则不会出现安全锁定。仅当引用框架集

的原始HTML文档位于安全站点上时，才会显示Secure Lock指示符

。没有好办法改变这个默认的

行为。我们需要采取解决方法，因为Jon建议通知网站

客户他在安全区。


例如，在什么中是一个安全的浏览器？
http://icmr.icfai.org/FAQ.htm <的一部分/ a>，我们可以看到：

--------------------------------- ------

支持SSL加密技术的浏览器称为安全

浏览器。大多数Netscape（4.7及更高版本）和Microsoft Internet

Explorer（5.5或更高版本）浏览器都是安全的。当您进行在线支付时，您​​的浏览器将自动进入安全模式
与ICFAI进行
交易。


在Netscape浏览器中，键或插槽出现在左下方

一角，表示当前的安全模式。当密钥出现

未破损时，您的浏览器和网站之间发送的数据是安全的;如果

键出现故障，则数据将以未加密方式发送。


在Microsoft浏览器中，右下方状态栏中会出现锁定
安全会话期间
。正常未加密的

会话期间无法看到锁定。


在网站中使用HTML框架时，这些符号可能不会出现;

但是，当发送敏感信息时，ICFAI的任何交易都是安全的。

......

---- ----------------------


我认为这是经常用来表示它的方式。 />

谢谢，如果您有任何疑问，请随时在这里发布。


祝你好运，

Yanhong Huang

微软社区支持


安全！ - www.microsoft.com/security

发布是按原样提供的。没有保证，也没有赋予任何权利。

Hello Jamie,

Thanks for posting in the group.

Based on the description, the question is: Now you have a framed page, some
frame is in security zone. However, you like the security lock at the
botton to be shown when the active frame is a secured page. Also, you don''t
want to change the frames structure. Please feel free to post here if I
have misunderstood the problem.

I agree with Jon on his opinion. If the secure web page is located inside a
frame, the secure lock will not appear. The Secure Lock indicator is
displayed only if the original HTML document that referenced the frameset
is located on a secure site. There is no good way to change this default
behavior. We need to take workarounds as Jon suggested to notify the web
clients that he is in a security zone.

For an example, in the "What is a secure browser?" part of
http://icmr.icfai.org/FAQ.htm, we can see that:
---------------------------------------
Browsers that support the SSL encryption technology are called secure
browsers. Most Netscape (version 4.7 and later) and Microsoft Internet
Explorer (version 5.5 or later) browsers are secure. Your browser will
automatically enter the secure mode when you make online payment
transactions with ICFAI.

In Netscape browsers, a key or a socket appears in the lower left-hand
corner to indicate the current security mode. When the key appears
unbroken, data sent between your browser and the Web site is secure; if the
key appears broken, the data is being sent unencrypted.

In Microsoft browsers, a lock appears in the lower right hand status bar
during a secure session. No lock is visible during normal unencrypted
sessions.

These symbols may not appear when using HTML frames in the website;
however, any transaction with ICFAI is always secure when sensitive
information is being sent.
......
--------------------------

I think that is the way that is often used to indicate it.

Thanks and please feel free to post here if you have any more concerns.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

Jamie Dulaney < JD ****** @ softwareexperts.net>在消息中写道

新闻：#z ************** @ TK2MSFTNGP10.phx.gbl ...

"Jamie Dulaney" <jd******@softwareexperts.net> wrote in message
news:#z**************@TK2MSFTNGP10.phx.gbl...

我的预感是因为其他两个帧不是SSL（标题和
内容）是浏览器只显示部分安全（1个
的3帧）窗口。因此，安全锁不存在???
个人框架仍在使用HTTPS协议，只是没有获得视觉，让用户感到舒适，特定的框架是安全的..

任何人知道如何在
a特定帧内的HTTPS请求中显示安全锁？

My hunch is that because the other two frames are not SSL (header and
contents) is that the browser is showing only a partially secured (1 out of 3 frames) window. Therefore, the security lock is not present ??? The
individual frame is still using the HTTPS protocol, just not getting a
visual for the user to feel comfortable that the particular frame is
secured..

Anyone know how to get the security lock to show on HTTPS requests within a particular frame ?

我们遇到了同样的问题。

我的建议不会解决你的问题（因为其他一些海报有

表示，实际上没有办法将安全锁图标欺骗到

出现），但是您是否考虑使用徽标（Google图片Versign.gif

或Verisign.jpg），其中明确说出类似安全网站的内容，请点击

在这里验证？这至少会让用户更加自信。


HTH

we have run into same issue.
my suggestion will not solve your problem (as some other posters have
indicated, there is really no way to trick the security lock icon into
appearing), but have you considered using a logo (Google image "Versign.gif"
or "Verisign.jpg") which clearly says something like "Secure Site, click
here to verify"? This will at least make users a little more confident.

HTH

这篇关于SSL和框架的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！