• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 476
  • Last Modified:

https needed on form action file?

we use ssl on a page where people submit credit card information but i just noticed that when they hit submit it goes to a http page, not a https page. (i.e. http://mywebsite.com/processpayement.php
  I don't know if this is a security risk for the credit card data or not.  I am fixing it now, but there are literally dozens of files I need to change and I'm trying to figure out if I'm wasting my time plugging a non-existent hole
  • 2
1 Solution
According to PCI-DSS standards CC numbers and other related information MUST be encrypted when being transmitted over public networks.

What do you mean by files?

It does not matter how the data is transmitted, you CAN'T store CC information in clear text, it MUST be store encrypted.
mignonnedavisAuthor Commented:
sorry, my question is unclear.  In the html form called by https://mywebsite.com/enterpayment.html there is a line:
<form method="POST" action="http://mywebsite.com/processpayment.php" ....>

I'm simply asking if this is insecure.  Should the action always be an https to be secured as well or is it enough that the page where they enter their credit card information is already secured?
With http instead of https any data that is being posted when you click on that link is being transmitted in clear text.

Yes the action should be "https://mywebsite.com/processpayment.php".
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now