Solved

https needed on form action file?

Posted on 2010-09-14
Last Modified: 2012-05-10
We use SSL on a page where people submit credit card information, but I just noticed that when they hit submit it goes to an http page, not an https page (i.e. http://mywebsite.com/processpayement.php).
I don't know if this is a security risk for the credit card data or not. I am fixing it now, but there are literally dozens of files I need to change and I'm trying to figure out if I'm wasting my time plugging a non-existent hole.
Question by:mignonnedavis

Expert Comment

by:giltjr
ID: 33678745
According to PCI-DSS standards CC numbers and other related information MUST be encrypted when being transmitted over public networks.

What do you mean by files?

It does not matter how the data is transmitted, you CAN'T store CC information in clear text, it MUST be stored encrypted.

Author Comment

by:mignonnedavis
ID: 33680798
Sorry, my question is unclear. In the HTML form called by https://mywebsite.com/enterpayment.html there is a line:
<form method="POST" action="http://mywebsite.com/processpayment.php" ....>

I'm simply asking if this is insecure.  Should the action always be an https to be secured as well or is it enough that the page where they enter their credit card information is already secured?

Accepted Solution

by:giltjr (earned 500 total points)
ID: 33680927
With http instead of https, any data that is being posted when you click on that link is being transmitted in clear text.

Yes the action should be "https://mywebsite.com/processpayment.php".
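
An added example, not part of the original thread: because the question mentions dozens of files to change, this Python script lists every form in a page whose action resolves to a non-HTTPS URL, resolving relative and protocol-relative actions against the URL the page is served from. The sample HTML is constructed, and the names `FormActionAuditor` and `insecure_forms` are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionAuditor(HTMLParser):
    """Collect each <form> and the absolute URL its data will be sent to."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base_url = page_url      # may be overridden by <base href>
        self.forms = []               # (line, method, resolved action URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            self.base_url = urljoin(self.page_url, attrs["href"])
        elif tag == "form":
            # A missing or empty action submits back to the page itself.
            action = (attrs.get("action") or "").strip()
            target = urljoin(self.base_url, action) if action else self.page_url
            method = (attrs.get("method") or "GET").upper()
            self.forms.append((self.getpos()[0], method, target))


def insecure_forms(html, page_url):
    """Return forms whose submission would leave the browser in clear text."""
    auditor = FormActionAuditor(page_url)
    auditor.feed(html)
    return [f for f in auditor.forms if urlsplit(f[2]).scheme != "https"]


# Constructed sample modelled on the form quoted in the question.
SAMPLE = """<html><body>
<form method="POST" action="http://mywebsite.com/processpayment.php">
  <input name="cardnumber"></form>
<form method="POST" action="/processpayment.php"></form>
<form method="POST" action="//mywebsite.com/processpayment.php"></form>
<form method="POST" action="https://mywebsite.com/processpayment.php"></form>
</body></html>"""

if __name__ == "__main__":
    for line, method, target in insecure_forms(
            SAMPLE, "https://mywebsite.com/enterpayment.html"):
        print(f"line {line}: {method} -> {target}")
```

Relative and protocol-relative actions are only as secure as the page that hosts them, so the same files should be checked against the URL they are actually served from.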