always best to keep it as safe as possible - skip the SSL on your site and have customers enter their card numbers on the 3rd party payment processor's SSL pages.

Well, this way I can hide PayPal's button info which contains the download page. It's a php script that's cURL-like but doesn't use cURL.

If I posted from my https site to the 3rd party PayPal's https site, do they get another prompt because of different secured servers or does it just post?

Thanks

If I have my site SSL'd and post credit card info to a 3rd party processing SSL site, is it secure?

Yes, it would even be secure to post from a non secure web page, as long as the page you are POSTing to is secure (https://).

If I posted from my https site to the 3rd party PayPal's https site, do they get another prompt because of different secured servers or does it just post?

I did this on one of our e-commerce sites recently, and no it didn't bring up a prompt or anything, it just POSTed.

Ok..Thanks

What I still don't understand is how, if my site was not SSL'd, it could be posted securely. I guess they'd get the prompt then since it's going to a https page...but how could it possibly be secure if my server wasn't SSL'd?

Thanks