When using a web browser, why do I receive messages warning me about secure connections?

The Internet contains both secure and non-secure web sites. When you are connected to a secure site (i.e., a site whose URL begins with https:), data being passed across the network is encrypted. On a non-secure site (i.e., a site whose URL begins with http:), the data being passed is not encrypted. When you enter or leave a secure site, some web browsers present a message stating that the security status of the pages you are viewing is changing. This message is a courtesy feature of web browsers designed to alert you to the fact that you are entering or leaving a secure site, such as OneStart or the IUIE.

As an example, consider the OneStart portal, designed to be the starting point for web-based services at Indiana University. As such, it contains both secure and non-secure content. When transferred over the connection, secure content is encrypted under Secure Sockets Layer (SSL).

The OneStart framework itself is secured under SSL, and thus is a secure environment. In addition, any content area within OneStart that requires SSL due to the private nature of the content, such as the Bursar Payment Service, is also secured under SSL. However, the broad range of content contained within OneStart consists of both secure and non-secure content. Your web browser provides a pop-up warning whenever you leave a secure site and move to a non-secure site.

In Internet Explorer, any page in OneStart with a mix of secure and non-secure content will automatically trigger the Security Information pop-up message. If you select Yes, you will see the OneStart page as intended. Secure content areas will still be under SSL and encrypted, while non-secure content areas will be transferred unencrypted. If you select No, the non-secure content areas will not be rendered correctly on the page. You will see blank space or an "Action canceled" message in the non-secure content area space.