Chris Hansen

Reputation: 8663

https on a third party non https site

Let's say there is a third party site not protected under https.

The third party site integrated a javascript call that basically gets a payment form from my site and adds the payment form on the third party site.

The person fills out the payment form which has a form action of "https://example.com/... " where example.com is my site.

Will their information be encrypted even though they are filling out the payment form on a site not https protected, but the form action is https protected?

So basically:

the site that the payment form gets shown in is called http://thirdparty.com/welcome

The payment form has the following form code:

<form name = "payment" action = "https://example.com/process">

This form is being shown on a non-https encrypted site: http://thirdparty.com/welcome and being sent to https://example.com/process

Will the information provided in that form be encrypted?

Upvotes: 0

Views: 105

Answers (1)

Quentin

Reputation: 943608

The information they submit will be encrypted when it is sent over HTTP…

… but the page containing the form is insecure, can be intercepted en route to the client, and can have extra JavaScript added to it. Such JavaScript might copy the payment information they enter to an attacker's server (before it gets encrypted).

So the approach is, overall, not secure.

The user should be directed to a form hosted by your site in a page on your site, and not embedded on a third party site.

Upvotes: 1
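
One way to enforce the answer's recommendation on the receiving side, as an added example that is not part of the original answer: the handler for https://example.com/process refuses submissions whose `Origin` or `Referer` shows the form was rendered anywhere other than the site's own HTTPS pages. `ALLOWED_ORIGIN`, `checkFormSource` and the sample header values are assumptions made for illustration.

```javascript
// Added example: names and header values are constructed for illustration.
const ALLOWED_ORIGIN = "https://example.com"; // assumption: the payment site's only origin

// Serialized origin of a URL string, or null when it cannot be parsed
// or has an opaque origin (non-http(s) schemes serialize to "null").
function originOf(value) {
  try {
    const o = new URL(value).origin;
    return o === "null" ? null : o;
  } catch {
    return null;
  }
}

// Decide whether a request to /process came from a form served by our own
// HTTPS page. `headers` uses lower-cased names, as Node's http module does.
function checkFormSource(headers) {
  // Prefer Origin; fall back to Referer, which browsers send on form navigations.
  const raw = headers["origin"] || headers["referer"];
  if (!raw) return { allow: false, reason: "no Origin or Referer header" };

  const source = originOf(raw);
  if (!source) return { allow: false, reason: "opaque or unparseable source" };

  // Exact origin comparison: scheme, host and port must all match, so
  // look-alike hosts and the plain-HTTP variant of our own host both fail.
  if (source === ALLOWED_ORIGIN) {
    return { allow: true, reason: "form served by own HTTPS page" };
  }
  if (new URL(source).protocol !== "https:") {
    return { allow: false, reason: "form page was not served over HTTPS" };
  }
  return { allow: false, reason: "form embedded on foreign origin " + source };
}

// Constructed sample requests, including the scenario from the question.
const SAMPLES = [
  { referer: "http://thirdparty.com/welcome" },
  { origin: "https://example.com" },
  { origin: "https://example.com.evil.test" },
  { origin: "null" },
];
for (const h of SAMPLES) {
  console.log(JSON.stringify(h), "->", JSON.stringify(checkFormSource(h)));
}
```

A rejection here does not protect data already typed into a tampered page; it makes an insecure embedding fail outright so it cannot stay deployed.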
