https Question. . .

[maniac]

To keep my website looking neat, i've got it opening the entire thing in a frame, so the URL at the top always stays the same, I think this looks more professional, and hides the paths etc. used to a limited extent.

www.nbc.medway.sch.uk is the site address.

I've also got E-portal and OWA on the same server on https, but they are opened in the same frame. When viewing OWA and Exportal in this frame, the browser doesn't report a secure connection, but when you look at the pages being loaded, they are coming from https source (they must be because both services are only available on https) You can get the front pages fo both services under the 'staff' section on the site.

My question is; are data transmissions on these services still actually encrypted when they are open in the frame like this, or would it be adviseable to have the links for these services opening up new windows rather than in the frame?

Opinions and ideas welcome.

Mike.

[localzuk]

To keep my website looking neat, i've got it opening the entire thing in a frame, so the URL at the top always stays the same, I think this looks more professional, and hides the paths etc. used to a limited extent.

To be blunt, this is a technique that died out years ago. Doing this makes navigation difficult and makes it difficult for people to bookmark pages. It will also cause problems with access for those using screen readers due to lack of titles. Also, it isn't valid HTML or XHTML as you have it written at the moment.

I've also got E-portal and OWA on the same server on https, but they are opened in the same frame. When viewing OWA and Exportal in this frame, the browser doesn't report a secure connection, but when you look at the pages being loaded, they are coming from https source (they must be because both services are only available on https) You can get the front pages fo both services under the 'staff' section on the site.

My question is; are data transmissions on these services still actually encrypted when they are open in the frame like this, or would it be adviseable to have the links for these services opening up new windows rather than in the frame?

Opinions and ideas welcome.

They are still encrypted, but users will get mixed content warnings due to the site mixing http and https content. The best way is to remove the rather bizarre obfuscation of site paths and allow things to work how they're supposed to work.

Actually, looking at the site, it doesn't seem to validate at all - which is against the law for government institutions as they have to make them accessible to all users.

[maniac]

The site is appauling I know, nothing to do with me, making the best of a bad situation shall we say. I really really want to re-design it. I won't tell you how much the school paid for it (it was 1000's)

I know that technique died out, but I really want to mask the URLs if possible and this is the only way I know to do it. Didn't realise it would cause problems like that thou, my web designing knowledge is only limited (as you can tell)

I didn't get any warnings when I looked at the site, it even appears to stop the certificate warnings coming up, which is quite scary in a way, as I thought it was impossible to do that. May have a re-think.

No problem with being blunt, constructive critisicm (as yours was) is always welcome.

Mike.

[localzuk]

Why do you want to mask the URLs?

[maniac]

Request from above, should have re-phrased that, I don't personally want to mask them, I was asked to and I couldn't think of any arguments not to. (Because they have seen it on other sites, they wanted it on ours too.)

You've now given me 2 good arguements to put it back to how it was before.

Mike.

[Joedetic]

If you want to tame your paths into something a bit prettier however, you might want to have a look at URL rewriting. I see you're using ASP.net so I'm assuming IIS. There are various ISAPI filters your can get for doing URL writing I think.

[maniac]

The main website is ASP.net, but it's reverse proxied through an apache server. The website URL's aren't too bad, but the URLs on Exchange and E-portal are just silly sometimes. That was her main 'concern' (Absolutely paranoid about the image of the school even down to things like this, but if you look at the history of the school, you'll understand why)

Like I say, started off wrong on this thread, I was never too fussed about it, but I was asked to do it and thought 'yeah I suppose it'll neaten things up a bit'

Might look into URL re-writing for the website if it's not too difficult, gotta be better than what we got at the moment.

Mike.

[contink]

Can I suggest a different approach... Instead put the pages through an .htaccess file that redirects them to the actual site without actually changing the URL.

No matter what you do you're not going to hide the address properly because of headers, etc... and if this is a permissions/auth issue you're better off puttin a user auth session as a requirement first and then just blocking people from accessing the sites without a login.

Anything else is, to be blunt, a waste of time.