Sign in with
Sign up | Sign in
Your question

Visible Information - revisited

Tags:
  • Security
  • Microsoft
  • Windows XP
Last response: in Windows XP
Share
Anonymous
a b 8 Security
August 2, 2005 12:26:01 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I thought I made it clear that this was a new issue. The question of
clicking the "Do Not Show this Message" box could just hide the fact that
something is wrong, security wise, that needs to be fixed. I don't want
information read by others just as I don't want my SSAN and credit card
numbers posted on forums. I don't know why information like that wasn't
included in my update to gordon's comment which wasn't very helpful.

Mike

More about : visible information revisited

Anonymous
a b 8 Security
August 2, 2005 4:04:56 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

mike carrington wrote:
> I thought I made it clear that this was a new issue. The
> question of clicking the "Do Not Show this Message" box
> could just hide the fact that something is wrong, security
> wise, that needs to be fixed. I don't want information read
> by others just as I don't want my SSAN and credit card
> numbers posted on forums. I don't know why information like
> that wasn't included in my update to gordon's comment which
> wasn't very helpful.
> Mike

Have you recently changed the level of your Internet Explore
security settings from Medium to High?

Go to Control Panel -> Internet Options and click on the
Security tab. Hit the "Custom Level" button. Scroll down to
"Submit nonencrypted form data". If it's set to prompt, you
receive that warning. Leaving the box checked changes that
setting to Enable.

Quoting from this MS article:

http://www.microsoft.com/resources/documentation/ie/6/a...

• Submit nonencrypted form data. This option determines
whether HTML pages in the zone can submit forms to or accept
forms from servers in the zone. Forms sent with Secure Sockets
Layer (SSL) encryption are always allowed; this setting only
affects data that is submitted by non-SSL forms. This option
has the following settings:

• Disable, which prevents information from forms on
HTML pages in the zone from being submitted.

• Enable, which allows information from forms on
HTML pages in the zone to be submitted without user
intervention.

• Prompt, which prompts users to choose whether to
allow information from forms on HTML pages in the zone to be
submitted.



Quoting from this article:

http://www.windowsitpro.com/Article/ArticleID/21026/210...

"Submit nonencrypted form data. When a user fills in some
fields on a Web page form and clicks submit, IE checks first to
see whether the user connects to the server using Secure Socket
Layer (SSL) to encrypt the form. If so, IE sends the form
content to the Web server. If the connection to the Web server
isn’t using SSL encryption, IE checks Submit nonencrypted form
data to see whether the user has permission to send the form
without encryption protection. Depending on the Web page, the
information the user just entered might be confidential (e.g.,
credit card numbers). A Web developer should never request
private information from a user without using encryption, but
some do. Hackers can look at data users send in the clear text
over the Internet. If you enable this option, train users to
determine whether a Web page is using SSL by looking for the
lock icon at the bottom of the IE window. If Web pages don't
display the lock icon, train users not to enter private
information. If you set this option to Prompt, users don’t need
to remember to look for the lock before submitting private
information. IE will always warn users before it sends form
data they've just entered in clear text. However, if you want
to prevent users from sending any form data in clear text, set
Submit nonencrypted form data option to disable. Unfortunately,
you'll prevent users from accessing clear text connection sites
that ask for relatively public information, such as email
addresses, because IE doesn’t know when form fields include
only private data. Keep in mind that setting the Prompt option
can really annoy users, so if you can't train users not to
enter private information on Web pages that don’t display the
lock icon, Prompt is your only other option."

Is that enough information for you? If you want more, I'd
suggest doing a google search for "submit nonencrypted form
data" or "Internet Explorer security zones".

Also, you might want to try keeping your responses within the
same thread. And if you really want to get your questions
answered, lose the attitude.

Nepatsfan
August 2, 2005 8:52:13 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

mike carrington wrote:
> I thought I made it clear that this was a new issue. The question of
> clicking the "Do Not Show this Message" box could just hide the fact that
> something is wrong, security wise, that needs to be fixed. I don't want
> information read by others just as I don't want my SSAN and credit card
> numbers posted on forums. I don't know why information like that wasn't
> included in my update to gordon's comment which wasn't very helpful.
>
> Mike
>
>

Do you send personal information to non-secure servers? if not - then
just ignore it! It's a warning that comes up as a default setting on
most browsers until you click the "do not show" box. If you have a good
firewall and AV and spyware software installed, then there's nothing to
worry about.
!