How to embed HTTP content inside a HTTPS webpage / Mixed content problems

If you are running a webpage and you decide to move to SSL protection you can encounter the following problem: Inside your webpage you are using tags like "iframe", "script" or "link" pointing to HTTP servers. This is considered as mixed active content (mozilla):

Mixed active content is content that has access to all or parts of the Document Object Model of the HTTPS page. This type of mixed content can alter the behavior of the HTTPS page and potentially steal sensitive data from the user. Hence, in addition to the risks described for mixed display content above, mixed active content is vulnerable to a few other attack vectors.
And this will not work...

The best solution is: change all links from HTTP to HTTPS and you are done.

But there are still websites which offer their content in HTTP only. If you really trust them, you can do the following:
Add the link inside a https proxy like https://ssl-proxy.my-addr.org/myaddrproxy.php/http/yourlink

Of course this is not an excellent solution, but a workaround which allows you to protect your website and if you seperate this solution from the pages, which deal with sensitive content you should be fine...


Linux: keyring-password for wlan needed / legitimate wlan login

Each time i resume my notebook after a suspend to disk-cycle the connection to WLAN hangs with the following message:

 (Die Systemrichtlinien verhinder das Bearbeiten von Netzwerkeinstellungen für alle Benutzer / Enter password for default keyring to unlock)
I tried to fix this via network-manager with adding the hook at the checkbox "Alle Benutzer dürfen dieses Netzwerk verwenden", but this did not help at all.
The point is, that after resuming my login keyring wants a authentication with password again. But this behaviour can be easily changed with the tool seahorse.
(Installation in debian with:  apt-get install seahorse)

After starting seahorse choose "File -> New" and you will get the following dialog:
 Create a new password-keyring (Passwort-Schlüsselbund) -
 Choose a name -
 and do not enter a password (this is not really secure, but if you configure your screensaver to lock your screen with a password, this should not be a problem)
 Confirm an empty password - and the you are done.

At the end you have to delete the old keyring (the one with the password):
This is done with right clicking the appropriate item...

After all this steps you should not see this legitimate-popup anymore...


Review at amazon: Projektbegleitendes Projektmanagement

Today i finished the book "Projektbegleitendes Projektmanagement:

The author created a quite good reference for project and quality management. If you need a short summary of ISO 9001 or best practices for quality assurance, you will find this in a few pages.
I would like to pay particular attention to the following part: The chapters 9 to 11 contain many checklists, table of contents for some needful documents and so on...
From my point of view this is already sufficient for the purchase of this book.

If you are interested, take a look at my review at amazon.de. (like all my reviews: written in german ;-)