
Security alert for Non-Secure Connection

12 December 2008 Bajrang Gupta

Very often while visiting a website we receive an annoying popup saying that we are being redirected to a non-secure connection and asking whether we would like to proceed. The user wants to visit the page and is left with no option other than clicking Yes. As developers, we should take care of such scenarios so that users do not receive these popups. According to Microsoft, you may receive this security warning under the following conditions:

  • You are using a third-party Web-based program for security and single sign-on to your Intranet for your Web-based programs.
  • You are using Internet Explorer to view your Web-based programs.

When a third-party program is used for security and the load-balancing or proxy servers communicate with the intranet servers over http rather than https, the request is passed from a secure to a non-secure connection, and thus we see the popup. In Struts 1.2 development specifically, when an action path cannot be resolved directly and the redirect attribute of ForwardConfig is used to locate the action to be performed, the browser may treat this redirect as a non-secure connection.
Code snippet:
<action path="/a/testSecure" type="com.winlin.TestSecure" name="secForm" scope="request">
    <!-- plain forward: no popup -->
    <forward name="fwdSecure" path="/a/testSecure.do"/>
    <!-- forward with redirect="true": this is the one that shows the popup -->
    <forward name="fwdNonSecure" path="testSecure.do" redirect="true"/>
</action>
In the above snippet, the fwdSecure forward does not show the popup, whereas fwdNonSecure does.
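A way to review a configuration for this condition, as an added example that is not part of the original post: the first function lists every forward in a struts-config.xml that uses redirect="true", and the second checks whether a Location header sent in response to an https request lands on http. The function names and the host intranet.example are hypothetical, the sample configuration is constructed from the snippet above, and the code assumes the non-secure URL is produced when a server behind the proxy turns the redirect into an absolute URL using the http scheme it received the request on.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

# Constructed sample: the action from this page wrapped in a minimal struts-config.
STRUTS_CONFIG = """<struts-config><action-mappings>
  <action path="/a/testSecure" type="com.winlin.TestSecure" name="secForm" scope="request">
    <forward name="fwdSecure" path="/a/testSecure.do"/>
    <forward name="fwdNonSecure" path="testSecure.do" redirect="true"/>
  </action>
</action-mappings></struts-config>"""


def redirecting_forwards(config_xml):
    """Return (owner, forward name, forward path) for each forward with redirect="true".

    owner is the action path, or the parent tag name for forwards that are
    not nested in an action (for example global-forwards).
    """
    root = ET.fromstring(config_xml)
    found = []
    for parent in root.iter():
        for fwd in parent.findall("forward"):
            if fwd.get("redirect", "false").strip().lower() == "true":
                owner = parent.get("path") or parent.tag
                found.append((owner, fwd.get("name"), fwd.get("path")))
    return found


def is_downgrade(request_url, location):
    """True when a page requested over https is redirected to an http URL."""
    # Resolve a relative Location against the request URL, as a browser does.
    target = urljoin(request_url, location)
    return (urlsplit(request_url).scheme == "https"
            and urlsplit(target).scheme == "http")


if __name__ == "__main__":
    for owner, name, path in redirecting_forwards(STRUTS_CONFIG):
        print(f"review: {owner} -> forward {name!r} redirects to {path!r}")

    # Constructed (request URL, Location header) pairs, e.g. taken from a proxy log.
    request = "https://intranet.example/a/testSecure.do"
    for location in ("http://intranet.example/a/testSecure.do", "testSecure.do"):
        state = "DOWNGRADE" if is_downgrade(request, location) else "ok"
        print(f"{state}: {request} -> {location}")
```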

In another scenario, when you are using neither a third-party secure server nor Struts actions like the above, Microsoft has also confirmed (see the KB article) that this is a problem with Internet Explorer. You can upgrade IE with the latest service pack to resolve the problem.