It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussion (archive)Check-out page, connection partially encrypted?(12 posts)(12 posts)
(12 posts)
Pages:
1
This is my favourite topic
Posted July 04, 2011
Wanted to buy a few games, then at the check-out page the URL was red (Firefox) meaning something is off with the secure/encrypted connection. I've never had anything but green, meaning ok, before.

In the status view of the web-page it said that there's no specified verification of the certificate and that the connection is partially encrypted and that information sent over the internet without encryption can be intercepted by other people while in transit.

Never seen this before at GOG so I'm a little sceptical, and paranoid, these days. And I never purchase at any site unless the https/encryptions shows a-ok in green.
No posts in this topic were marked as the solution yet. If you can help, add your reply
Posted July 04, 2011
avatar
xiriod: Wanted to buy a few games, then at the check-out page the URL was red (Firefox) meaning something is off with the secure/encrypted connection. I've never had anything but green, meaning ok, before.

In the status view of the web-page it said that there's no specified verification of the certificate and that the connection is partially encrypted and that information sent over the internet without encryption can be intercepted by other people while in transit.

Never seen this before at GOG so I'm a little sceptical, and paranoid, these days. And I never purchase at any site unless the https/encryptions shows a-ok in green.
It has to be some recent site update. The same situation on Account page. See this post
http://www.gog.com/en/forum/general/gog_com_account_not_https
Posted July 04, 2011
Ahh, ok. Seems they are working on it. Just hope they fix it before the sale ends. No matter how secure it seems to be I'm not taking any chances. :) Thank you for your reply.
Posted July 04, 2011
avatar
xiriod: Ahh, ok. Seems they are working on it. Just hope they fix it before the sale ends. No matter how secure it seems to be I'm not taking any chances. :) Thank you for your reply.
Your not taking any chances. The connection is secure and encrypted period.

Some browsers are a bit overzealous in terms of determining encryption. We're working on resolving this issue, but the only resulting change will be a different icon. There is no impact on security of your data.
Posted July 04, 2011
avatar
Venom: Your not taking any chances. The connection is secure and encrypted period.

Some browsers are a bit overzealous in terms of determining encryption. We're working on resolving this issue, but the only resulting change will be a different icon. There is no impact on security of your data.
Good luck in convincing some people of that, some people are obsessed with the shiny green icon (not even the blue one is good enough for some people). The warning clearly states that only 'part of the site' is retrieved from a non-encrypted source, usually the images (or that has been my experience as a server admin).
Note, this is me talking about this in general and is not in any way meant to insult anyone on this forum. I just got flashbacks to a particularly irritating customer I had to deal with last year with this same issue.
Posted July 04, 2011
avatar
xiriod: Ahh, ok. Seems they are working on it. Just hope they fix it before the sale ends. No matter how secure it seems to be I'm not taking any chances. :) Thank you for your reply.
avatar
Venom: Your not taking any chances. The connection is secure and encrypted period.

Some browsers are a bit overzealous in terms of determining encryption. We're working on resolving this issue, but the only resulting change will be a different icon. There is no impact on security of your data.
It's not merely "some browsers being overzealous". Every browser should give this warning, unless the user has disabled it. (These warnings are so common and annoying that most users disable them forever in their first session on a new desktop.)

The fact that a particular connection is encrypted and secure does not mean that the entire page is encrypted and secure. The checkout page does contain unencrypted content, consisting of links to images and other gog.com content. A browser correctly displays the "encrypted page that contains some unencrypted information" and "you are about to leave an encrypted page" warnings when you navigate to or from such a page.

But those warnings are harmless. If, on the other hand, you were to get a "information you have entered is to be sent over an unencrypted connection" warning, you would be justified in raising an alarm. Since the gog.com checkout page gives no such warning, Venom's assurance that the connection is a secure one is true.
Post edited July 04, 2011 by cjrgreen
Posted July 04, 2011
With Ajax stuff you will almost always get this warning. No need to encrypt all the page's assets (images and such) I think that's what you're getting. I've bought stuff in the last two weeks, no issues.
Posted July 04, 2011
avatar
cjrgreen: But those warnings are harmless.
You sure? Generally browsers don't give warnings about harmless. It's harmless in terms of GOG, assuming that the site has been visited by a direct route. If someone has found an XSS vuln in GOG (and presented someone with a nasty link), then it's a totally valid warning that they may in fact be in control of your browser, and the payment screen you then go to won't be GOG's (though they'll take your payment details all the same).
Posted July 04, 2011
FWIW I did not get this warning with FF 3.6 (latest patch) 2 weeks ago.
Posted July 04, 2011
avatar
cjrgreen: But those warnings are harmless.
avatar
wpegg: You sure? Generally browsers don't give warnings about harmless. It's harmless in terms of GOG, assuming that the site has been visited by a direct route. If someone has found an XSS vuln in GOG (and presented someone with a nasty link), then it's a totally valid warning that they may in fact be in control of your browser, and the payment screen you then go to won't be GOG's (though they'll take your payment details all the same).
The situation you describe would not give that warning; it would give an "information to be sent over an unencrypted connection" warning.

Browsers give numerous warnings about conditions that are benign and related to Web sites that were designed without complete and thorough attention to security. This is probably unfortunate, because it entices users into ignoring most of them, or setting their browsers to ignore them. It is also difficult for mainstream users to tell the difference between a benign condition and a dangerous one, from the jargon in the warning message.
avatar
orcishgamer: FWIW I did not get this warning with FF 3.6 (latest patch) 2 weeks ago.
Probably because that warning is "off", either by default or because you turned it off earlier. Check Tools->Options->Security->Settings. The warnings that are enabled vs. disabled are listed there.
Post edited July 04, 2011 by cjrgreen
Posted July 04, 2011
avatar
cjrgreen: Probably because that warning is "off", either by default or because you turned it off earlier. Check Tools->Options->Security->Settings. The warnings that are enabled vs. disabled are listed there.
Good call, I turned it off, probably ages ago.
Posted July 05, 2011
I use IE8 and I'm sure I didn't have such warnings until yesterday. So there has to be recent change on site.
Pages:
1
This is my favourite topic
Community
General discussion (archive)Check-out page, connection partially encrypted?(12 posts)(12 posts)
(12 posts)