homepage Welcome to WebmasterWorld Guest from 54.198.8.124
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
Forum Library, Charter, Moderators: phranque

Website Technology Issues Forum

    
How secure is this?
No https:// on form page
elgumbo




msg:658137
 11:46 am on Jan 12, 2004 (gmt 0)

Hi

A supplier of ours has launched their new site which requires a credit card number to be entered on a non secure / http:// page.

Looking at the source, I can see the data is POSTed to an ASP script on a secure site but should I be concerned about the entering the details on their non encrypted form page?

Cheers

 

Birdman




msg:658138
 12:18 pm on Jan 12, 2004 (gmt 0)

Yes! I would be concerned. The form page should be encrypted.

lundsfryd




msg:658139
 12:22 pm on Jan 12, 2004 (gmt 0)

From a technical point of view, there is no security problems as long as the form POSTs the data to a secure page. This ensures that the transmission of your data is encrypted.

sem4u




msg:658140
 12:33 pm on Jan 12, 2004 (gmt 0)

I would be concerned about typing my credit card details into a page that is not shown to be secure in the URL. I need to see https:// before I am happy.

elgumbo




msg:658141
 2:04 pm on Jan 12, 2004 (gmt 0)

Thanks for the confirmation.

I will speak to the supplier.

Gorufu




msg:658142
 1:09 am on Jan 13, 2004 (gmt 0)

A supplier of ours has launched their new site which requires a credit card number to be entered on a non secure / http:// page.

<edited by Gorufu>
If the requested form wasn't sent from an SSL server, the end user may not trust the site.
</edited>

Looking at the source, I can see the data is POSTed to an ASP script on a secure site but should I be concerned about the entering the details on their non encrypted form page?

<edited by Gorufu>
When the form is submitted the secure server sends the site's ssl.cert to the browser, which encrypts the data before sending it.
</edited>

After doing some packet sniffing between two of my servers, I found that information I previously posted was incorrect and has been edited to reflect the results of my testing.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved