• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 472
  • Last Modified:

https needed on form action file?

we use ssl on a page where people submit credit card information but i just noticed that when they hit submit it goes to a http page, not a https page. (i.e. http://mywebsite.com/processpayement.php
  I don't know if this is a security risk for the credit card data or not.  I am fixing it now, but there are literally dozens of files I need to change and I'm trying to figure out if I'm wasting my time plugging a non-existent hole
0
mignonnedavis
Asked:
mignonnedavis
  • 2
1 Solution
 
giltjrCommented:
According to PCI-DSS standards CC numbers and other related information MUST be encrypted when being transmitted over public networks.

What do you mean by files?

It does not matter how the data is transmitted, you CAN'T store CC information in clear text, it MUST be store encrypted.
0
 
mignonnedavisAuthor Commented:
sorry, my question is unclear.  In the html form called by https://mywebsite.com/enterpayment.html there is a line:
<form method="POST" action="http://mywebsite.com/processpayment.php" ....>

I'm simply asking if this is insecure.  Should the action always be an https to be secured as well or is it enough that the page where they enter their credit card information is already secured?
0
 
giltjrCommented:
With http instead of https any data that is being posted when you click on that link is being transmitted in clear text.

Yes the action should be "https://mywebsite.com/processpayment.php".
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now