Solved

https needed on form action file?

Posted on 2010-09-14
Medium Priority
466 Views
Last Modified: 2012-05-10
We use SSL on a page where people submit credit card information, but I just noticed that when they hit submit it goes to an http page, not an https page (i.e. http://mywebsite.com/processpayement.php).
I don't know if this is a security risk for the credit card data or not. I am fixing it now, but there are literally dozens of files I need to change and I'm trying to figure out if I'm wasting my time plugging a non-existent hole.
0
Question by:mignonnedavis
3 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 33678745
According to PCI-DSS standards CC numbers and other related information MUST be encrypted when being transmitted over public networks.

What do you mean by files?

It does not matter how the data is transmitted, you CAN'T store CC information in clear text, it MUST be stored encrypted.
0
 

Author Comment

by:mignonnedavis
ID: 33680798
Sorry, my question is unclear. In the HTML form called by https://mywebsite.com/enterpayment.html there is a line:
<form method="POST" action="http://mywebsite.com/processpayment.php" ....>

I'm simply asking if this is insecure.  Should the action always be an https to be secured as well or is it enough that the page where they enter their credit card information is already secured?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 33680927
With http instead of https, any data that is being posted when you click on that link is being transmitted in clear text.

Yes the action should be "https://mywebsite.com/processpayment.php".
0
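For the "dozens of files" situation described in the question, an added example (not part of the original thread or anyone's posted code): a small audit that parses an HTML page and reports every form whose resolved action is not https, including relative actions that inherit an http scheme from the page or from a `<base href>`. The sample page, `processrefund.php` and `search.php` are constructed for illustration; only the first form's action comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionAuditor(HTMLParser):
    """Records every <form> whose resolved action URL is not https."""

    def __init__(self, page_url):
        super().__init__()
        self.base_url = page_url   # URL the page itself is served from
        self.findings = []         # (line, method, resolved action URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # <base href> changes how every later relative action resolves.
            self.base_url = urljoin(self.base_url, attrs["href"])
        elif tag == "form":
            # Empty, relative and protocol-relative actions inherit the
            # scheme of the page (or of <base>); absolute ones do not.
            target = urljoin(self.base_url, (attrs.get("action") or "").strip())
            if urlsplit(target).scheme.lower() != "https":
                method = (attrs.get("method") or "GET").upper()
                self.findings.append((self.getpos()[0], method, target))


def audit_form_actions(html, page_url):
    """Return the forms in `html` that would submit outside https."""
    auditor = FormActionAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page; only the first form's action comes from the thread.
SAMPLE = """<html><body>
<form method="POST" action="http://mywebsite.com/processpayment.php">
<input name="cardnumber"></form>
<form method="post" action="processrefund.php"></form>
<form action="//mywebsite.com/search.php"></form>
</body></html>"""

if __name__ == "__main__":
    for line, method, target in audit_form_actions(
            SAMPLE, "https://mywebsite.com/enterpayment.html"):
        print(f"line {line}: {method} form submits to non-https target {target}")
```

Run over the same markup with an http page URL, the relative and protocol-relative forms are reported as well, which is why the entry page and the action both have to be https.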

Question has a verified solution.