Web Security



Originally published in Queue vol. 10, no. 11




Cris Perdue | Thu, 07 Mar 2013 17:47:53 UTC

Thanks for the lively discussion of practical issues in browser security. I especially appreciate the comments on Convergence, "Do Not Track", and clickjacking, in addition to the overview of the area.

I have a question related to same-origin policy. A lot of browser security, and privacy, issues I am aware of are most readily enabled by cross-site request capabilities of browsers, and this appears to me to include clickjacking as well as intranet hacking and browser-based cross-site user tracking.

My question is, if a page were in a mode that prohibited all cross-site requests, wouldn't that eliminate several classes of browser vulnerabilities? I picture this being done by an HTML header, and would apply to everything in the page, including scripts, images, frames, and so on. This mode could have a clear visible indicator in the browser's UI, much as SSL does today.

I see it as a way for the operators of a web site to take fuller responsibility for the content and functioning of pages, which seems like something interested users could fairly easily understand and appreciate, along the lines of "all content served by [web site operator]". This seems like a more than reasonable expectation to have of commercial services such as shopping and financial sites.

Presumably execution of JavaScript, say from an in-browser debugger or a bookmarklet, would be permitted, but irrevocably remove the mode from the page.

Thank you, Cris Perdue


© 2018 ACM, Inc. All Rights Reserved.