Interesting.

[Goose]

http://www.37signals.com/svn/posts/1431-mixed-content-warning-how-i-loath-thee

[Tse-Wen Tom Wang]

Unfortunately DHH is probably wrong here regarding the warning being superfluous. Any page that is served over mixed content (SSL and non-SSL) is likely not secure at all. If you want more details, read the comments below this page. There are just way too many potential ways to hack a mixed content page.

Tom

On Sat, Dec 6, 2008 at 10:56 AM, Goose <gustav....@gmail.com> wrote:

http://www.37signals.com/svn/posts/1431-mixed-content-warning-how-i-loath-thee