The subject line about sums it up... If I have a form on a non-secure page, but the
action
attribute is pointing to a secure URL, is the transaction actually secure?
I think it must be, but I thought it was worth asking about anyway.
physics
10:25 pm on Apr 3, 2008 (gmt 0)
AFAIK the actual transmission of the data when the user hits submit will be secure. However, entering the data may not be secure because there may be insecure JavaScript on the page that transmits the info before it's submitted (using AJAX, say). In any case it's best to have a form that asks for things like a credit card on an actual https page so the user doesn't have to worry about this very question.
