CODEWITHSUNDEEP
securityiframe
Arbejdsglæde
Arbejdsglæde

Reputation: 14088

Could I use an iframe for implement web payments procedure

Hello I would like to implement a payments on my web site. I have a requirements that to do it in iframe with hidden address bar. But in this case user would't be abble to see that we are using HTTPS protocol for sending data and e.t.c Does is it good practice or it is looks like security issue ?

Upvotes: 0

Views: 281

Answers (2)

gauravphoenix
gauravphoenix

Reputation: 3082

I don't think it is a good idea to hide HTTPS information from end users. If you look at any web security for dummies kind of guide, they all say that when you enter private/financial information etc make sure your address bar display the lock etc.

Even though you may in your HTML that you are using HTTPS, do you really expect users to "view source" your HTML and/or use Fiddler etc? No right?

So, do the right thing- show HTTPS URL.

BTW, from security perspective, if the first page you serve is NOT over SSL, someone could just modify HTML and inject a malicious HTTPS link with valid cert. That is why it is very important to have SSL enabled on your whole website.

No wonder HTTP 2.0 is going to be all SSL :)

Upvotes: 1

Syed Sajid
Syed Sajid

Reputation: 1410

Technically you don't need HTTPS if you are using iFrames for checkout. Ofcourse the 3rd party website is always protected... BUT since you cannot explain this to your customers/clients, so you have to have a HTTPS even you are using iFrames even it is secure but to make your customers feel actually that they secure you should have SSL (HTTPS).. Or I know many of your customers will simply leave your website... SO YOU DO NEED IT... YES

Upvotes: 1

Related Questions