CHI-WEB Archives

ACM SIGCHI WWW Human Factors (Open Discussion)

CHI-WEB@LISTSERV.ACM.ORG

Options: Use Classic View

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Topic: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender: "ACM SIGCHI WWW Human Factors (Open Discussion)" <[log in to unmask]>
From: Liz Gee <[log in to unmask]>
Date: Thu, 4 Feb 1999 16:40:53 -0000
Organization: Corillian Corporation
Parts/Attachments: text/plain (69 lines)
Steve,

Our Framed site loads the Frame at the top level, and is totally within a
secure site.  We have no links outside the secure site.  Upon logoff, I
display a message letting the user know that they are logging off and
leaving the secure site.

On your site, do you have links which leave the secure Frameset for certain
pages?
On ours, we log them off.
Which browsers are you building for?
On our site, Framed or UnFramed (we do both),
if a gif is loaded from an unsecure site, an alert come up.

Perhaps someone needs to look at the security configuration on your site.

Elizabeth Gee

Human Factors Engineer
Corillian Corporation
(503)526-5241
[log in to unmask]
----------------------
The only thing we can be sure of, is Change.    -I Ching
-----Original Message-----
From:   Steve Fouts [SMTP:[log in to unmask]]
Sent:   Thursday, February 04, 1999 7:14 PM
To:     [log in to unmask]
Subject:        Re: Frames pros and cons

Liz Gee wrote:
>
> I work in electronic commerce as well.  Most of our clients want frames.
> We build the sites with or without frames as our clients request.
> I read through the link which Scott B sent us on Frames.
> I agree for broad based informational sites, the pros & cons make sense.
> However, for e-commerce sites, where we do not want our sub pages
> bookmarked, because they are on a secure site, etc... we find that these
> cons for frames do not seem to apply.

The problem with loading a secure page into a non-secure frameset is
that
the user won't see the lock and therefore won't believe that the page
is secure. My employer has gotten (irate) calls from customers on this
very
issue.

The alternatives are to load the entire frameset securely, which opens
you
up to spoofing (if the frameset was loaded securely, the lock shows
regardless
of whether the individual pages loaded into the frames are, in fact,
secure),
or to break out of the frameset for the duration of the secure
transaction.

We've chosen the latter based on customer requests and are busy
redesigning
the site without frames because of this, and other problems with frames.

--
Steve Fouts [log in to unmask]

I notice that you use plain, simple language, short words and brief
sentences. That is the way to write English - it is the modern way
and the best way. Stick to it; don't let fluff and flowers and
verbosity creep in.
- Mark Twain

ATOM RSS1 RSS2