119849 – location bar is yellow with "lock" icon, although connection is not SSL encrypted

Bug 119849 - location bar is yellow with "lock" icon, although connection is not SSL encrypted

Summary: location bar is yellow with "lock" icon, although connection is not SSL encry...

Status:	RESOLVED NOT A BUG

Alias:	None

Product:	konqueror
Classification:	Applications
Component:	general (show other bugs)
Version:	3.5
Platform:	unspecified Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Konqueror Developers

URL:
Keywords:

Duplicates (1):	122529 (view as bug list)
Depends on:
Blocks:

Reported:	2006-01-10 11:07 UTC by Jens
Modified:	2006-08-22 10:26 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Jens 2006-01-10 11:07:39 UTC

Version:           3.5 (using KDE 3.5.0 Level "a" , SUSE 10.0 UNSUPPORTED)
Compiler:          Target: i586-suse-linux
OS:                Linux (i686) release 2.6.13-15.7-default

Hi,
this one seems to be new in KDE 3.5. I used to hit Alt-F2 and type "freemail.web.de" for my webmail address. WEB.DE supports both non-SSL and SSL connections.

Now when I do this with KDE 3.5, the location bar says "http://freemail.web.de", but the location bar background is yellow, and the "lock" icon at the bottom  is closed. BUT the tooltip that appears when hovering over the lock icon says "the connection is not secured".

When I change the "http:" to "https:" above, and hit ENTER, nothing (visible) changes but the tooltip now shows "The connection is secured by SSL-bla MAC-SHA-foo whatever".

Something is very wrong here =;)

Jens

Comment 1 Thiago Macieira 2006-01-10 14:11:10 UTC

If you look at it closely, you'll see the padlock icon is half-transparent. Clicking the icon reports "Parts of this webpage are secure but the main part isn't".

No bug.

Comment 2 Jens 2006-01-10 15:05:49 UTC

Hello,

So this is perhaps technically correct, but I still think it is very bad behaviour in terms of usability. Users can be tricked into believing they are visiting a secure site by the yellow background which has become "common" for indicating secure connections. Plus, the tooltip of the status bar icon is (IMHO) misleading.

I didn't know there was a distinction between "encrypted" and "half encrypted" for web sites and you really need to look very closely at the icon to see the difference. If there is no other way to make this difference clear I would suggest a popup window that says "This web site is partially encrypted, indicated by this icon: [_]" with a "Don't show again" checkbox, like Konq does with normally encrypted web sites.

However, this way, the user still does not know which parts of the web site are encrypted. Maybe (e.g. in the case of HTML forms) the parts that are SSL encrypted could be highlighted when clicking on the icon, like when showing the DOM tree?

Thanks!

Comment 3 Thiago Macieira 2006-01-10 16:27:53 UTC

George is aware of this. Konqueror/KDE4 will have a revamped interface wrt to SSL and will match the behaviour of the other major browsers.

Comment 4 Dirk Stoecker 2006-08-22 10:26:38 UTC

*** Bug 122529 has been marked as a duplicate of this bug. ***