
Does this matter? Or am I just a noob?
(edit due to anal English police)
NonprayingMantis: Unsecured I think is the term you are looking for.
Insecure means to be nervous, unsure, not confident etc.
Zeon: If this place is anything like gpforums there will be a stuff reporter who will turn this into front page news and something will happen :)
timmmay: Showing the billing page over http isn't really a big problem so long as the submit is https, other than lack of confidence.
timmmay: Ah yes, XSS, I haven't done much security work in a while and forgot about the whole injection thing. If there's an iframe that's secure, surely a script can't mess with the contents of the secure part?
timmmay: Still I think the whole page should be on https just to give customers confidence. People are told over and over not to enter credit card details on a page unless the little lock symbol is showing.
---
James Sleeman
I sell lots of stuff for electronic enthusiasts...
troyhunt: Whether or not it posts over HTTPS is inconsequential; once the form is loaded over HTTP you have no confidence whatsoever in the integrity of the page - it could be posting to an attacker's site, have a keylogger embedded or be manipulated in other ways. Here's how that works: http://www.troyhunt.com/2013/05/your-login-form-posts-to-https-but-you.html
The payment card industry has pretty clear expectations on how this sort of data needs to be handled and this implementation definitely isn't up to scratch.
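
Added example, not written by any poster in this thread: a small Python check for the case discussed above, where a billing form is served over HTTP but submits to HTTPS. The host `shop.example`, the function and class names, and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _Collector(HTMLParser):
    """Collects URLs a checkout page submits to or loads active content from."""
    WATCHED = {"form": "action", "script": "src", "iframe": "src"}

    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, raw attribute value)

    def handle_starttag(self, tag, attrs):
        attr = self.WATCHED.get(tag)
        if attr:
            value = dict(attrs).get(attr)
            # A form with no action posts back to the page's own URL.
            if value is None and tag == "form":
                value = ""
            if value is not None:
                self.refs.append((tag, value))

def audit_page(page_url, html):
    """Return a sorted list of (finding, detail) tuples for one fetched page."""
    findings = set()
    if urlsplit(page_url).scheme != "https":
        # The document itself can be altered in transit, so every target
        # below is only what the server sent, not what the browser ran.
        findings.add(("page-over-http", page_url))
    collector = _Collector()
    collector.feed(html)
    for tag, raw in collector.refs:
        target = urljoin(page_url, raw)  # resolve relative URLs like a browser
        if urlsplit(target).scheme == "http":
            findings.add((f"{tag}-over-http", target))
    return sorted(findings)

# Constructed sample: billing page served over HTTP whose form posts to HTTPS.
SAMPLE_URL = "http://shop.example/billing"
SAMPLE_HTML = """
<html><body>
<script src="/js/checkout.js"></script>
<form action="https://shop.example/pay" method="post">
  <input name="card_number"><input type="submit">
</form>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

The sample is flagged even though its form action is HTTPS, because the page and its relative script are both fetched over HTTP; the same markup served from an `https://` URL produces no findings.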