GSA / enterprise-data-inventory

The Enterprise Data Inventory is a CKAN-based data management system for private and public data management.

The web site needs to be fully secured with all contents delivered over the SSL #54

Open pandyapm opened 11 years ago

pandyapm commented 11 years ago

The web site shows as partially SSL secured and some contents are not delivered over SSL. This can lead to defacing of the website or make it vulnerable to XSS-type attacks. Solution: check the web pages for external references used (images etc.) and make a copy on the local server instead of referring to the non-SSL external web site. The image http://assets.okfn.org/images/ok_buttons/od_80x15_blue.png is one example I found in this web site which is not secured, but there may be more.

ykhadilkar commented 10 years ago

There are more items coming over an HTTP connection on the resource page, like map tiles. Need more discussion.
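
One way to automate the check proposed in the first comment, as an added example that is not part of the original thread or the project's code: a static scanner that lists every subresource an HTTPS page would fetch over plain HTTP. The page URL and sample HTML are constructed; only the `od_80x15_blue.png` URL comes from the issue.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attributes that make the browser fetch a subresource. <a href> is a
# navigation link, not mixed content, so it is deliberately not listed.
FETCH_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "audio": ("src",), "video": ("src", "poster"), "source": ("src",),
    "embed": ("src",), "object": ("data",), "link": ("href",),
}
ACTIVE_TAGS = {"script", "iframe", "embed", "object"}  # can rewrite the page

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, "active" | "passive", absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & {"stylesheet", "icon"}:
            return  # e.g. rel="canonical" is never fetched
        for name in FETCH_ATTRS.get(tag, ()):
            # urljoin resolves relative and protocol-relative (//host/x) URLs
            url = urljoin(self.page_url, (attrs.get(name) or "").strip())
            if urlparse(url).scheme != "http":
                continue
            active = tag in ACTIVE_TAGS or "stylesheet" in rels
            kind = "active" if active else "passive"
            self.findings.append((self.getpos()[0], tag, kind, url))

def scan(page_url, html):
    """Return every subresource an HTTPS page would load over plain HTTP."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; only the od_80x15_blue.png URL is from the issue.
PAGE_URL = "https://inventory.example.gov/dataset"  # hypothetical host
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/css/main.css">
<script src="http://cdn.example.org/lib.js"></script>
</head><body>
<a href="http://www.example.org/about">About</a>
<img src="http://assets.okfn.org/images/ok_buttons/od_80x15_blue.png" />
<img src="//assets.example.org/logo.png">
</body></html>"""

if __name__ == "__main__":
    for line, tag, kind, url in scan(PAGE_URL, SAMPLE_PAGE):
        print(f"line {line}: <{tag}> {kind} mixed content -> {url}")
```

A static scan only sees URLs written in the HTML; resources requested by scripts at runtime, such as the map tiles mentioned in the second comment, have to be found in the browser's network panel or console warnings.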