Re: OT, security of non-https transaction
- From: Gareth Halfacree <usenet@xxxxxxxxxxxxxxx>
- Date: Fri, 14 Jul 2006 08:50:43 +0100
Dave wrote:
I want to order some software via the net.
I click Pay, and get connected to the vendors web site.
I trust the person running the site (for reasons not worth going into). However
that site uses http (not https). The page I am asked to complete **includes my
credit card details!**
Anyone tell me what I am missing here?
Thanks
A link to the website in question would help, but I'll see if the crystal ball is working today...
An SSL certificate is fairly expensive for an individual or small business, so many people use an alternative method of accepting credit card details. One is to take the order details over an insecure link and then forward the user to a payment portal over an HTTPS link. This sounds like it isn't the method being used in your question, however.
An alternative method offered by some 'shopping cart' software (and one I have seen used in three or four online stores) is to have an IFRAME within the page which loads a javascript applet. This applet connects to the payment portal via HTTPS (or an SSL encrypted stream of some sort, usually with a self-issued certificate) invisibly to the user (i.e. you'll still see an unsecured HTTP connection in your address bar). This method has become somewhat unpopular in these days of phishing, but some sites still stick with it.
As I say, without visiting the site in question we (TINW) can offer limited advice.
--
Gareth Halfacree
http://gareth.halfacree.co.uk
.
- Prev by Date: Re: Question - How much can a laptop do?
- Next by Date: Re: USB to 9 pin serial connectivity
- Previous by thread: Question - How much can a laptop do?
- Next by thread: Re: OT, security of non-https transaction
- Index(es):
Relevant Pages
|
