+ Post New Thread
Results 1 to 8 of 8
Web Development Thread, https Question. . . in Coding and Web Development; To keep my website looking neat, i've got it opening the entire thing in a frame, so the URL at ...
  1. #1

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,051
    Thank Post
    209
    Thanked 427 Times in 307 Posts
    Rep Power
    144

    https Question. . .

    To keep my website looking neat, i've got it opening the entire thing in a frame, so the URL at the top always stays the same, I think this looks more professional, and hides the paths etc. used to a limited extent.

    www.nbc.medway.sch.uk is the site address.

    I've also got E-portal and OWA on the same server on https, but they are opened in the same frame. When viewing OWA and Exportal in this frame, the browser doesn't report a secure connection, but when you look at the pages being loaded, they are coming from https source (they must be because both services are only available on https) You can get the front pages fo both services under the 'staff' section on the site.

    My question is; are data transmissions on these services still actually encrypted when they are open in the frame like this, or would it be adviseable to have the links for these services opening up new windows rather than in the frame?

    Opinions and ideas welcome.

    Mike.

  2. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,680
    Thank Post
    516
    Thanked 2,451 Times in 1,897 Posts
    Blog Entries
    24
    Rep Power
    832

    Re: https Question. . .

    Quote Originally Posted by maniac
    To keep my website looking neat, i've got it opening the entire thing in a frame, so the URL at the top always stays the same, I think this looks more professional, and hides the paths etc. used to a limited extent.
    To be blunt, this is a technique that died out years ago. Doing this makes navigation difficult and makes it difficult for people to bookmark pages. It will also cause problems with access for those using screen readers due to lack of titles. Also, it isn't valid HTML or XHTML as you have it written at the moment.

    I've also got E-portal and OWA on the same server on https, but they are opened in the same frame. When viewing OWA and Exportal in this frame, the browser doesn't report a secure connection, but when you look at the pages being loaded, they are coming from https source (they must be because both services are only available on https) You can get the front pages fo both services under the 'staff' section on the site.

    My question is; are data transmissions on these services still actually encrypted when they are open in the frame like this, or would it be adviseable to have the links for these services opening up new windows rather than in the frame?

    Opinions and ideas welcome.
    They are still encrypted, but users will get mixed content warnings due to the site mixing http and https content. The best way is to remove the rather bizarre obfuscation of site paths and allow things to work how they're supposed to work.

    Actually, looking at the site, it doesn't seem to validate at all - which is against the law for government institutions as they have to make them accessible to all users.

  3. #3

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,051
    Thank Post
    209
    Thanked 427 Times in 307 Posts
    Rep Power
    144

    Re: https Question. . .

    The site is appauling I know, nothing to do with me, making the best of a bad situation shall we say. I really really want to re-design it. I won't tell you how much the school paid for it (it was 1000's)

    I know that technique died out, but I really want to mask the URLs if possible and this is the only way I know to do it. Didn't realise it would cause problems like that thou, my web designing knowledge is only limited (as you can tell)

    I didn't get any warnings when I looked at the site, it even appears to stop the certificate warnings coming up, which is quite scary in a way, as I thought it was impossible to do that. May have a re-think.

    No problem with being blunt, constructive critisicm (as yours was) is always welcome.

    Mike.

  4. #4

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,680
    Thank Post
    516
    Thanked 2,451 Times in 1,897 Posts
    Blog Entries
    24
    Rep Power
    832

    Re: https Question. . .

    Why do you want to mask the URLs?

  5. #5

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,051
    Thank Post
    209
    Thanked 427 Times in 307 Posts
    Rep Power
    144

    Re: https Question. . .

    Request from above, should have re-phrased that, I don't personally want to mask them, I was asked to and I couldn't think of any arguments not to. (Because they have seen it on other sites, they wanted it on ours too.)

    You've now given me 2 good arguements to put it back to how it was before.

    Mike.

  6. #6
    Joedetic's Avatar
    Join Date
    Jan 2006
    Location
    Walsall
    Posts
    1,316
    Thank Post
    6
    Thanked 13 Times in 13 Posts
    Rep Power
    22

    Re: https Question. . .

    If you want to tame your paths into something a bit prettier however, you might want to have a look at URL rewriting. I see you're using ASP.net so I'm assuming IIS. There are various ISAPI filters your can get for doing URL writing I think.

  7. #7

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,051
    Thank Post
    209
    Thanked 427 Times in 307 Posts
    Rep Power
    144

    Re: https Question. . .

    The main website is ASP.net, but it's reverse proxied through an apache server. The website URL's aren't too bad, but the URLs on Exchange and E-portal are just silly sometimes. That was her main 'concern' (Absolutely paranoid about the image of the school even down to things like this, but if you look at the history of the school, you'll understand why)

    Like I say, started off wrong on this thread, I was never too fussed about it, but I was asked to do it and thought 'yeah I suppose it'll neaten things up a bit'

    Might look into URL re-writing for the website if it's not too difficult, gotta be better than what we got at the moment.

    Mike.

  8. #8
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118

    Re: https Question. . .

    Can I suggest a different approach... Instead put the pages through an .htaccess file that redirects them to the actual site without actually changing the URL.

    No matter what you do you're not going to hide the address properly because of headers, etc... and if this is a permissions/auth issue you're better off puttin a user auth session as a requirement first and then just blocking people from accessing the sites without a login.

    Anything else is, to be blunt, a waste of time.

SHARE:
+ Post New Thread

Similar Threads

  1. No https:// requests can get through
    By Scotmk in forum Windows
    Replies: 21
    Last Post: 20th October 2008, 05:43 PM
  2. IE6 https problem
    By Spongor in forum Windows
    Replies: 7
    Last Post: 2nd November 2006, 09:25 AM
  3. E-Portal and https configuration
    By daveyboy in forum MIS Systems
    Replies: 3
    Last Post: 13th September 2006, 01:04 PM
  4. RDP over HTTP / HTTPS
    By GrumbleDook in forum Windows
    Replies: 2
    Last Post: 3rd September 2006, 09:37 PM
  5. Getting Moodle to logon using a different https port
    By p.simmons in forum Web Development
    Replies: 9
    Last Post: 8th March 2006, 02:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •