Welcome to WebmasterWorld Guest from 54.145.144.101

Forum Moderators: phranque

Message Too Old, No Replies

How secure is this?

No https:// on form page

   
11:46 am on Jan 12, 2004 (gmt 0)

10+ Year Member



Hi

A supplier of ours has launched their new site which requires a credit card number to be entered on a non secure / http:// page.

Looking at the source, I can see the data is POSTed to an ASP script on a secure site but should I be concerned about the entering the details on their non encrypted form page?

Cheers

12:18 pm on Jan 12, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes! I would be concerned. The form page should be encrypted.
12:22 pm on Jan 12, 2004 (gmt 0)

10+ Year Member



From a technical point of view, there is no security problems as long as the form POSTs the data to a secure page. This ensures that the transmission of your data is encrypted.
12:33 pm on Jan 12, 2004 (gmt 0)

WebmasterWorld Senior Member sem4u is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I would be concerned about typing my credit card details into a page that is not shown to be secure in the URL. I need to see https:// before I am happy.
2:04 pm on Jan 12, 2004 (gmt 0)

10+ Year Member



Thanks for the confirmation.

I will speak to the supplier.

1:09 am on Jan 13, 2004 (gmt 0)

10+ Year Member



A supplier of ours has launched their new site which requires a credit card number to be entered on a non secure / http:// page.

<edited by Gorufu>
If the requested form wasn't sent from an SSL server, the end user may not trust the site.
</edited>

Looking at the source, I can see the data is POSTed to an ASP script on a secure site but should I be concerned about the entering the details on their non encrypted form page?

<edited by Gorufu>
When the form is submitted the secure server sends the site's ssl.cert to the browser, which encrypts the data before sending it.
</edited>

After doing some packet sniffing between two of my servers, I found that information I previously posted was incorrect and has been edited to reflect the results of my testing.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month