Good day!
YES - you need to secure your own page as it is your server and site.
Please let us know if we can be of any further assistance.
Security of posting to SSL from non-SSL page
Ok, then to be totally clear, we are responsible for securing the FORM PAGE on our site and the form will use the remote cert when submitting the data.
-
Good day!
The FaaS processor does not process any transaction in production mode that is not being posted from a secure page. The referring URL has to be secure or the end user will get the following error:
During development we don't require SSL if the OrderMode is set to TEST (http://manual.clickandpledge.com/For...tml#Order_Mode).
In TEST mode the test credit card is the only card that works. Once the OrderMode is set to Production, the FaaS processor will return the above ALERT if the referring URL is not secure (https://).
I hope that answers your question.
And yes, you are right: if the posting URL is not secure, a man-in-the-middle attack is quite possible, as the communication may be intercepted before hitting the secure server and in the middle the data is not encrypted, which of course makes perfect sense.
-
Hello, a client is looking to implement FaaS for their donations.
I have a question / possible concern going from a NON-SSL page to an SSL POST request. We would be posting to FaaS which is SSL from our non-SSL form, which seems to be the normal implementation.
So this raises a few questions for me:
1. There will be no HTTPS visible when the user submits the form. The user may not know that the form is secure.
2. The site could be vulnerable to MITM (man-in-the-middle) attacks.
Please see the following for an explanation of number 2:
http://stackoverflow.com/questions/6130436/is-posted-information-from-non-ssl-to-an-ssl-secure
There seems to be some contention about the possibility of the second item, so before raising any red flags, I want to consider the probability of occurrence and accepted practice in this instance.
Any insights would be greatly appreciated.
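An added example, not part of any post in this thread and not Click & Pledge code: a small Python audit that classifies every form on a page by the scheme of the page itself and of the resolved form target, which is the distinction the thread draws between securing the form page and posting to an SSL endpoint. The URLs, the sample HTML and the verdict names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect the raw action attribute of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # A missing or valueless action means "submit to the page URL".
            self.actions.append(dict(attrs).get("action") or "")


def audit_forms(page_url, html):
    """Return (resolved_target, verdict) for each form served at page_url."""
    page_secure = urlsplit(page_url).scheme == "https"
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for action in collector.actions:
        # Relative and protocol-relative actions inherit the page's scheme.
        target = urljoin(page_url, action)
        if urlsplit(target).scheme != "https":
            verdict = "CLEARTEXT_SUBMIT"  # form data itself travels unencrypted
        elif not page_secure:
            # HTTPS target, but the page arrived unprotected, so the markup
            # (including the action URL) could be altered before the user sees it.
            verdict = "TAMPERABLE_FORM"
        else:
            verdict = "OK"
        findings.append((target, verdict))
    return findings


# Constructed sample page: absolute HTTPS, relative, and protocol-relative actions.
SAMPLE_HTML = """
<form method="post" action="https://processor.example/pay"><input name="card"></form>
<form method="post" action="/newsletter"><input name="email"></form>
<form method="post" action="//processor.example/pay"><input name="card"></form>
"""

if __name__ == "__main__":
    for page in ("http://donate.example/give.html", "https://donate.example/give.html"):
        print(page)
        for target, verdict in audit_forms(page, SAMPLE_HTML):
            print(f"  {verdict:17} {target}")
```

Serving the same markup from an `https://` page turns all three findings into `OK`, which matches the support answer that the form page has to be secured on your own server.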