Visible Information - revisited

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I thought I made it clear that this was a new issue. The question of
clicking the "Do Not Show this Message" box could just hide the fact that
something is wrong, security wise, that needs to be fixed. I don't want
information read by others just as I don't want my SSAN and credit card
numbers posted on forums. I don't know why information like that wasn't
included in my update to gordon's comment which wasn't very helpful.

Mike
2 answers Last reply
More about visible information revisited
  1. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    mike carrington wrote:
    > I thought I made it clear that this was a new issue. The
    > question of clicking the "Do Not Show this Message" box
    > could just hide the fact that something is wrong, security
    > wise, that needs to be fixed. I don't want information read
    > by others just as I don't want my SSAN and credit card
    > numbers posted on forums. I don't know why information like
    > that wasn't included in my update to gordon's comment which
    > wasn't very helpful.
    > Mike

    Have you recently changed the level of your Internet Explore
    security settings from Medium to High?

    Go to Control Panel -> Internet Options and click on the
    Security tab. Hit the "Custom Level" button. Scroll down to
    "Submit nonencrypted form data". If it's set to prompt, you
    receive that warning. Leaving the box checked changes that
    setting to Enable.

    Quoting from this MS article:

    http://www.microsoft.com/resources/documentation/ie/6/all/reskit/en-us/part2/c04ie6rk.mspx

    • Submit nonencrypted form data. This option determines
    whether HTML pages in the zone can submit forms to or accept
    forms from servers in the zone. Forms sent with Secure Sockets
    Layer (SSL) encryption are always allowed; this setting only
    affects data that is submitted by non-SSL forms. This option
    has the following settings:

    • Disable, which prevents information from forms on
    HTML pages in the zone from being submitted.

    • Enable, which allows information from forms on
    HTML pages in the zone to be submitted without user
    intervention.

    • Prompt, which prompts users to choose whether to
    allow information from forms on HTML pages in the zone to be
    submitted.


    Quoting from this article:

    http://www.windowsitpro.com/Article/ArticleID/21026/21026.html

    "Submit nonencrypted form data. When a user fills in some
    fields on a Web page form and clicks submit, IE checks first to
    see whether the user connects to the server using Secure Socket
    Layer (SSL) to encrypt the form. If so, IE sends the form
    content to the Web server. If the connection to the Web server
    isn’t using SSL encryption, IE checks Submit nonencrypted form
    data to see whether the user has permission to send the form
    without encryption protection. Depending on the Web page, the
    information the user just entered might be confidential (e.g.,
    credit card numbers). A Web developer should never request
    private information from a user without using encryption, but
    some do. Hackers can look at data users send in the clear text
    over the Internet. If you enable this option, train users to
    determine whether a Web page is using SSL by looking for the
    lock icon at the bottom of the IE window. If Web pages don't
    display the lock icon, train users not to enter private
    information. If you set this option to Prompt, users don’t need
    to remember to look for the lock before submitting private
    information. IE will always warn users before it sends form
    data they've just entered in clear text. However, if you want
    to prevent users from sending any form data in clear text, set
    Submit nonencrypted form data option to disable. Unfortunately,
    you'll prevent users from accessing clear text connection sites
    that ask for relatively public information, such as email
    addresses, because IE doesn’t know when form fields include
    only private data. Keep in mind that setting the Prompt option
    can really annoy users, so if you can't train users not to
    enter private information on Web pages that don’t display the
    lock icon, Prompt is your only other option."

    Is that enough information for you? If you want more, I'd
    suggest doing a google search for "submit nonencrypted form
    data" or "Internet Explorer security zones".

    Also, you might want to try keeping your responses within the
    same thread. And if you really want to get your questions
    answered, lose the attitude.

    Nepatsfan
  2. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    mike carrington wrote:
    > I thought I made it clear that this was a new issue. The question of
    > clicking the "Do Not Show this Message" box could just hide the fact that
    > something is wrong, security wise, that needs to be fixed. I don't want
    > information read by others just as I don't want my SSAN and credit card
    > numbers posted on forums. I don't know why information like that wasn't
    > included in my update to gordon's comment which wasn't very helpful.
    >
    > Mike
    >
    >

    Do you send personal information to non-secure servers? if not - then
    just ignore it! It's a warning that comes up as a default setting on
    most browsers until you click the "do not show" box. If you have a good
    firewall and AV and spyware software installed, then there's nothing to
    worry about.
Ask a new question

Read More

Security Microsoft Windows XP