InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Red Lock, Green Lock, I Still Don't Quite Understand

https://forums.informaction.com/viewtopic.php?t=24405

Page 1 of 1

Red Lock, Green Lock, I Still Don't Quite Understand

Posted: Sun Jan 07, 2018 11:24 pm
by Skeezix
I'm still trying to wrap my mind around the red and green locks. As one who is new to NS ver 10, it seems as though the green lock limits scripting to those sites that use the HTTPS protocol, and the red lock doesn't limit anything at all. I keep thinking that the red color would indicate more restriction than the green color.

After all, a red traffic light means STOP, and a green light means it's okay to GO. So yesterday I went merrily on my way, giving green locks to every URL in my Trusted list that had a HTTPS at the start, and red locks to those that didn't. Now, after reading more in the Hackademix.net writeups, it appears that all I did was open myself up to more danger by giving the red locks out.

I guess my question here is, did I screw up (again)?

Re: Red Lock, Green Lock, I Still Don't Quite Understand

Posted: Sun Jan 07, 2018 11:46 pm
by bo elam
Skeezix wrote:I keep thinking that the red color would indicate more restriction than the green color.

After all, a red traffic light means STOP, and a green light means it's okay to GO.
I guess you could also see the Red light/Lock as dangerous and the Green Light(Lock as safer. So, we are safer when we allow green and somewhat more dangerous when allowing red.
Skeezix wrote:So yesterday I went merrily on my way, giving green locks to every URL in my Trusted list that had a HTTPS at the start, and red locks to those that didn't. Now, after reading more in the Hackademix.net writeups, it appears that all I did was open myself up to more danger by giving the red locks out.

I guess my question here is, did I screw up (again)?
I think you did good. In my case, I keep an small list of Trusted domains. If the site works with green and red is not required, I allow/Trust green. If the site requires red, then I allow/Trust red. I allow Red only if the site dont work with green. The NoScript menu makes it easy to figure out what color you need to allow by looking at the color of the domain, black or red.

Bo

Re: Red Lock, Green Lock, I Still Don't Quite Understand

Posted: Mon Jan 08, 2018 12:21 am
by Skeezix
Thank you for replying. I'll change my red locks to green ones because I believe the green lock is more restrictive than a red lock.

I think. :?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited