1. the standard "security alert" windows. It shows "it can't be viewed by others, but it includes a security certificate. doy ou want to proceed ? choose "yes", "no", "view certificate". What triggers this ? how to turn it on/off ?
2. sometimes between html or JSP pages, it first pops up a small box asking if you want to "retry" or "cancel", if you click "retry" the next page shows up. what triggers this ? anyway to turn this off ?
Concerning number 2, it is probably a page with a form that you are trying to refresh or re-submit (using the refresh button, or back button of the browser). It has to be dealt using the PRG Pattern. I'm not sure you can disable it with your browser.
i think no. 1is is about the security settings of the appilcation.. maybe uses ssl (https) not http.. you connection will be secured if you are in https than in ordinary http connection.. correct me if im wrong
First in plain English. Why do people trust passports? Because passports are authorized by governments. Imagine if I create a passport, sign it and say my buddy John authorized it! Could I get through the border? Not a chance because the border authorities have no idea who John is and whether or not he can be trusted.
When you use SSL you are using a combination of PKI, and symetric keys. The PKI is used for the initial secret key exchange. The problem though is how do you know that an SSL certificate is what it is supposed to be? The answer is that you don't and the SSL certificate needs to be signed. Signing the certificate means that the client and the server have contacted a single entity. The single entity is called a trusted authority. Thus when your browser contacts a server and is presented with an SSL certificate signed by the authority your browser will accept the signature of the authority because you have the verification information from the authority.
Where things get funny is if your browser does not have the signature of the signing authority. This is akin to being presented with a passport signed by John! Your browser alerts you and says, wait one minute here! Therefore to avoid the problems you can do two things. Ask the supplier of the certificate to get it properly signed. Or get a verification certificate from the authority and add it to your browser.
Ok? [ February 22, 2006: Message edited by: Christian Gross ]
Author of Ajax Patterns and Best Practices
It's a pleasure to see superheros taking such an interest in science. And this tiny ad: