No More Mixed Messages About HTTPS

Google Chrome will gradually start ensuring that https:// pages can only
load secure https:// subresources. In a series of steps outlined the
article linked below, They will start blocking mixed content (insecure
http:// subresources on https:// pages) by default. This change will
improve user privacy and security on the web, and present a clearer
browser security user experience to users.

https://blog.chromium.org/search/label/chrome%20security
--
With over 1,000,000 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

On Sat, 5 Oct 2019 21:41:59 +0100, ? Good Guy ?
wrote:

Google Chrome will gradually start ensuring that https:// pages can only
load secure https:// subresources. In a series of steps outlined the
article linked below, They will start blocking mixed content (insecure
http:// subresources on https:// pages) by default. This change will
improve user privacy and security on the web, and present a clearer
browser security user experience to users.

https://blog.chromium.org/search/label/chrome%20security

That's interesting. There may then arise the need for there to be two
versions of some innocuous resources: one secure and the other not.

--


Eric Stevens

There are two classes of people. Those who divide people into
two classes and those who don't. I belong to the second class.

"Eric Stevens" wrote

| https://blog.chromium.org/search/label/chrome%20security
|
| That's interesting. There may then arise the need for there to be two
| versions of some innocuous resources: one secure and the other not.
|

Current browsers can handle it. The problem is with
websites that don't provide https or provide only an
unsafe version of encryption. But there is one issue
with no solution: I read recently that FTP can't be
encrypted. So people might be blocked from accessing
via FTP if they use Chrome.

On 10/6/2019 8:56 AM, Mayayana wrote:

But there is one issue
with no solution: I read recently that FTP can't be
encrypted.


FTP can be encrypted, but not all FTP programs support it. The current
version of FileZilla supports encrypted FTP and one has to opt out of
using it, so then it's a matter of whether the website server also
supports it.

--
best regards,

Neil

On Sun, 6 Oct 2019 08:56:11 -0400, Mayayana wrote:

But there is one issue
with no solution: I read recently that FTP can't be
encrypted.

Can you tell us where you read this?

I have used FTPS, which is FTP encrypted.
https://en.wikipedia.org/wiki/FTPS


--
Kind regards
Ralph

On Mon, 07 Oct 2019 06:51:02 +1300, Ralph Fox wrote:

On Sun, 6 Oct 2019 08:56:11 -0400, Mayayana wrote:

But there is one issue
with no solution: I read recently that FTP can't be
encrypted.

Can you tell us where you read this?

You have to differentiate FTP from FTPS and SFTP.

With plain FTP, the session isn't encrypted, meaning the username and
password can be sniffed. The payload can be encrypted, of course, but that
would have to be done before the transfer.

With FTPS and SFTP, the entire session is encrypted. Mostly.

I have used FTPS, which is FTP encrypted.
https://en.wikipedia.org/wiki/FTPS

"Ralph Fox" wrote

| But there is one issue
| with no solution: I read recently that FTP can't be
| encrypted.
|
| Can you tell us where you read this?
|
| I have used FTPS, which is FTP encrypted.
| https://en.wikipedia.org/wiki/FTPS
|

I don't remember where I saw it but I think it was in
connection with the push for https in browsers. In other
words, that browsers don't support encrypted FTP, which
would mean no longer being able to download directly
from FTP links and browse FTP storage. Most people
don't actually use FTP software.

You probably know more about it than I do. I may be
wrong. But this site seems to bear out what I read:

https://www.cerberusftp.com/support/help/ftp-support/

In article , Mayayana
wrote:

| But there is one issue
| with no solution: I read recently that FTP can't be
| encrypted.
|
| Can you tell us where you read this?
|
| I have used FTPS, which is FTP encrypted.
| https://en.wikipedia.org/wiki/FTPS
|

I don't remember where I saw it but I think it was in
connection with the push for https in browsers. In other
words, that browsers don't support encrypted FTP, which
would mean no longer being able to download directly
from FTP links and browse FTP storage. Most people
don't actually use FTP software.

most people don't use ftp.

those who do, use ftp software, which supports sftp and ftps.

Mayayana wrote:
"Ralph Fox" wrote

| But there is one issue
| with no solution: I read recently that FTP can't be
| encrypted.
|
| Can you tell us where you read this?
|
| I have used FTPS, which is FTP encrypted.
| https://en.wikipedia.org/wiki/FTPS
|

I don't remember where I saw it but I think it was in
connection with the push for https in browsers. In other
words, that browsers don't support encrypted FTP, which
would mean no longer being able to download directly
from FTP links and browse FTP storage. Most people
don't actually use FTP software.

Sftp/ftps have been secure alternatives to ftp for decades. File download
sites need to update their servers if they wish to continue to have their
users use web browsers as clients.

On 05/10/2019 21:41, 😉 Good Guy 😉 wrote:
Google Chrome will gradually start ensuring that https:// pages can only
load secure https:// subresources. In a series of steps outlined the
article linked below, They will start blocking mixed content (insecure
http:// subresources on https:// pages) by default. This change will
improve user privacy and security on the web, and present a clearer
browser security user experience to users.

https://blog.chromium.org/search/label/chrome%20security
--
With over 1,000,000 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.


By the way you posted this here so can you tell us what has this got to
do with Windows 10?