My OperaYou need to be logged in to post in the forums. If you do not have an account, please sign up first.
Ok.
im using Version 10.63, mac osx 10.6.4
Im having problems with security warning windows poping up. Im logged into my stockbrokers webtrading service and when i load the charts i get a security warning telling me that "the information from the secure site will be sent to a non secure site, We dont recomend to send sensitive data".
Is there a way to disable this popup on this site only? since it is trusted.
take care / Johannes
im using Version 10.63, mac osx 10.6.4
Im having problems with security warning windows poping up. Im logged into my stockbrokers webtrading service and when i load the charts i get a security warning telling me that "the information from the secure site will be sent to a non secure site, We dont recomend to send sensitive data".
Is there a way to disable this popup on this site only? since it is trusted.
take care / Johannes
It is not possible to disabled that warning.
It is only displayed for a form submit from a Secure (HTTPS) page to an Unsecure (HTTP) page, because you will unexpectedly leave the secure area when this form is submitted, possibly transmitting sensitive information (e.g credit card information) in an unsecure fashion.
Opera (as opposed to other browsers, AFAIK) also display this for POST form submits performed by plugins, e.g. Flash applets. We started doing that after we caught a hotel reservation site using that method to send credit card data unsecurely.
The containing page will also loose the secure indication for their page if you allow the operation to continue, since it will the either start with unsecure content, or include unsecure content, which may represent a security or privacy risk.
You should contact the site and inform them that they have a security problem in their site and that they should fix it, because they are probably leaking information about which stocks you are evaluating, which might be useful for an eavesdropper. The data can also be manipulated by an attacker, perhaps allowing them to show you more favorable (for them) information (and they only need control of a router to do this). Worst case, the site's web applications may (conceivably) have vulnerabilities that can allow an attacker to take over your session, perhaps perform trades in your name or transfer money, by injecting data into the unencrypted connection. The latter is probably unlikely, but if it happened you would have a hard time discovering what had happened.
It is only displayed for a form submit from a Secure (HTTPS) page to an Unsecure (HTTP) page, because you will unexpectedly leave the secure area when this form is submitted, possibly transmitting sensitive information (e.g credit card information) in an unsecure fashion.
Opera (as opposed to other browsers, AFAIK) also display this for POST form submits performed by plugins, e.g. Flash applets. We started doing that after we caught a hotel reservation site using that method to send credit card data unsecurely.
The containing page will also loose the secure indication for their page if you allow the operation to continue, since it will the either start with unsecure content, or include unsecure content, which may represent a security or privacy risk.
You should contact the site and inform them that they have a security problem in their site and that they should fix it, because they are probably leaking information about which stocks you are evaluating, which might be useful for an eavesdropper. The data can also be manipulated by an attacker, perhaps allowing them to show you more favorable (for them) information (and they only need control of a router to do this). Worst case, the site's web applications may (conceivably) have vulnerabilities that can allow an attacker to take over your session, perhaps perform trades in your name or transfer money, by injecting data into the unencrypted connection. The latter is probably unlikely, but if it happened you would have a hard time discovering what had happened.
Sincerely,
Yngve N. Pettersen
Yngve N. Pettersen
I understand the good intentions of Opera devs for the warning, however, it is a major annoyance for me when I browse Google Reader and some flash video is among the items I browse through. Can you please make some sort of an option to temporarily/permanently disable the warning message for the current site? Something like "advanced options=>disable security warning for the current site", so that average users don't toy with it much?
IC XC
NI KA
NI KA
Originally posted by AleksOD:
it is a major annoyance for me when I browse Google Reader and some flash video is among the items I browse through
why would a flash video need to submit some data to a remote server??
Originally posted by larskl:
Originally posted by AleksOD:
it is a major annoyance for me when I browse Google Reader and some flash video is among the items I browse through
why would a flash video need to submit some data to a remote server??
Or more precisely, why does it have to do that unsecurely from a secure page/applet? Trying to save USD 20, perhaps?
Sincerely,
Yngve N. Pettersen
Yngve N. Pettersen
I am not trying to belittle your point, security is very important, indeed. However, I feel that there must be a way to disable this message, at least temporary. Plus, Google Reader is not really a banking application or anything, it's just a news aggregator.
IC XC
NI KA
NI KA
@AleksOD Use http://www.google.com/reader/view/ instead.
Originally posted by dantesoft:
@AleksOD Use http://www.google.com/reader/view/ instead.
I believe you have found the solution to my problem. Thank you!!!
IC XC
NI KA
NI KA
4. November 2011, 00:11:40 (edited)
To anyone who doesn't understand the extent of this issue, try watching the following video on facebook. The dialogues will continue to pop up until it causes the tab to lock up (or, on rare occasions, the whole browser to crash). I know that on facebook you can stop the error by changing the prefix to regular http, but this wont work on all websites (also, since opera now disables the prefix by default, the average user will have no idea how to bypass the error even if they have been told that they need to change the prefix). Opera, please make it so that there is a "Do not show this message again for the current webpage" button/checkbox that will temporarily disable the messages until the user leaves the current URL.
Video link: https://www.facebook.com/photo.php?v=1780692416730&set=vb.234127059941735&type=2&permPage=1
(try pausing and unpausing the video a few times, and see what happens.)
Video link: https://www.facebook.com/photo.php?v=1780692416730&set=vb.234127059941735&type=2&permPage=1
(try pausing and unpausing the video a few times, and see what happens.)
12. November 2011, 00:20:12 (edited)
I have been using Opera since version 3. Opera has been my default browser since version 6. I am a web developer and IT professional. I really don't evangelize as much as I used to, simply because Opera is too smart for most of my users. Opera is standards compliant and secure, it offers superior debugging and rendering capabilities for HTML development. I've even have my best and brightest users operating under the premise that "If a website doesn't work in Opera, it is probably broken'. Moreover, the majority of the time, that a site complains about Opera, you can flip to 'Identify as Firefox' and suddenly Opera has no problems rendering the page. Sniffing for Opera and delivering flawed code has been an issue for years, I'm sure some of you will remember the Swedish Chef version of Opera, bork, bork, bork. Supply opera with valid code and it will render quickly and cleanly. Good stuff, right?
All that being said, the sites that are the least well written (Hotmail, Facebook, Google+, youtube, wellsfargo, Dell.com) have the biggest problems with my favorite browser. Oddly enough, these are the sites that many of my average users use the most. IMO, Opera is 100% correct, that playing 'MafiaWars', 'Farmville', and YouTube videos are a huge invasion of privacy and a colossal waste of time, but obviously that is not enough to dissuade people from playing the games. It does however dissuade them from using the 'Fastest browser on Earth'.
I get it, submitting data to a cross linked site when you are under the guise of a https 'secure' site is potentially dangerous and possibly malicious. Knowing that, should not necessarily preclude me from assessing the risk and doing as I please. I feel the same way about drinking alcohol, riding a motorcycle or scuba diving, all potentially dangerous activities in which otherwise rational individuals may elect to participate in (though hopefully not all at the same time).
Could you please reconsider adding some kind of whitelist, or Site Preference, that would allow clever Opera users to do foolish things after they have been duly warned of the potential risks. Or it may be easier to alter the tagline to read 'The fastest browser on Earth, if you are smart enough to use it and dont really want to participate in social networks anyways', but that does not really roll off the tongue does it?
If the solution is to use a different browser, then so be it. I can totally eliminate my users' problems, by not suggesting Opera in the first place.
All that being said, the sites that are the least well written (Hotmail, Facebook, Google+, youtube, wellsfargo, Dell.com) have the biggest problems with my favorite browser. Oddly enough, these are the sites that many of my average users use the most. IMO, Opera is 100% correct, that playing 'MafiaWars', 'Farmville', and YouTube videos are a huge invasion of privacy and a colossal waste of time, but obviously that is not enough to dissuade people from playing the games. It does however dissuade them from using the 'Fastest browser on Earth'.
I get it, submitting data to a cross linked site when you are under the guise of a https 'secure' site is potentially dangerous and possibly malicious. Knowing that, should not necessarily preclude me from assessing the risk and doing as I please. I feel the same way about drinking alcohol, riding a motorcycle or scuba diving, all potentially dangerous activities in which otherwise rational individuals may elect to participate in (though hopefully not all at the same time).
Could you please reconsider adding some kind of whitelist, or Site Preference, that would allow clever Opera users to do foolish things after they have been duly warned of the potential risks. Or it may be easier to alter the tagline to read 'The fastest browser on Earth, if you are smart enough to use it and dont really want to participate in social networks anyways', but that does not really roll off the tongue does it?
If the solution is to use a different browser, then so be it. I can totally eliminate my users' problems, by not suggesting Opera in the first place.
I have found solution to this:
1- open "the site with certificate" with internet explorer.
2- than open tools>internet options>certficates.
3- Find your certificate that you need. And export it as .p7b format.
4- Open Opera
5- Go to settings>preferences>advanced>security>authorities
6- İmport the file that exported with internet explorer.
7- Here it is. Your job is done. Opera won't ask for that certificate everytime.
1- open "the site with certificate" with internet explorer.
2- than open tools>internet options>certficates.
3- Find your certificate that you need. And export it as .p7b format.
4- Open Opera
5- Go to settings>preferences>advanced>security>authorities
6- İmport the file that exported with internet explorer.
7- Here it is. Your job is done. Opera won't ask for that certificate everytime.
The easiest thing I found was to download FlashPeak Slim Browser, I have no problems getting into any games on FaceBook. Works as well as google and mozilla not to mention is is a bit faster then google. :-) One would think that they would take care of this security problem we are having. I have seen complaints about that security popping up and not being able to load some games.
Forums » General Opera topics » Security and privacy in Opera