Is it really a security problem to have non secure assets on an ssl page?
- by blockhead
My understanding is that this is just an example of being overly cautious, but if my checkout form contains an unsecure asset on it, that doesn't endanger anybody's credit card numbers from being caught by a man-in-the-middle.
I'm asking this because every once in while, maybe because of cached content or whatnot, somebody writes in saying that they are seeing this "error" (even though there are no unsecure assets on my page), but they want an explanation.
So yes, I can tell all about encryption and certificates and trust and men-in-the-middle. But what do I tell them about this. How do I convince them that the site is 100% safe (and if it isn't let me know that I'm mistaken!)