cfdiv bind and https

How do I make my cfdiv bind url into https, I want to secure the following URL.

<cfdiv bind="url:OnlineTransactionPayment.cfm?userid={userid@none}&processstep={processstep@none}&btnSearch={btnSearch@click}&tranno={tranno@none}&totalcost={totalcost@none}&itemcount={itemcount@none}&shNewsType=#shNewsType#&pubdate=#pubdate#&selOption=#selOption#}" ID="payonlineform" name="payonlineform" bindonload="false" />
smares32371Asked:
Who is Participating?
 
gdemariaConnect With a Mentor Commented:

The contents you are loading will not be considered secure because the page itself is not secure.   I think you need to reload the page to https first before executing any ajax.    To be safe, you should probably load the page via https the first time and every time just in case the secure connection is needed.

To my understanding, it won't work the way you are trying to do it
0
 
gdemariaCommented:

I believe you need to make the page itself an https page, the bind is simply asynchronous calls under within that request, so I suspect it would follow the page security
0
 
smares32371Author Commented:
gdemaria,

Is there any way to make this javascript string function to change to to https when clicked.

<a href="javascript:loadContent('payemnt.cfm','payonline','#pubdate#','mainContent1','payonline',-1);" class="spReport">Online Payment</a>
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
Brijesh ChauhanStaff IT EngineerCommented:
I agree with gd, the HTTPS protocol encrypts your data when you are sending it over internet, say you are posting Credit Card information from a form on your server to the Payment gateway (Paypal for example), so HTTPS makes sure that the connection is secured and the data is encrypted before it's send from your network to paypal's, this way it cannot be hacked.

If you are on the same server, then you don't need it...
0
 
gdemariaCommented:
> If you are on the same server, then you don't need it...

Brijesh, this is not true ...

The SSL encryption protects between the CLIENT and the SERVER.  

HTTPS on the browser is not used between the server's Network and 3rd Party (such as payPal), it protects the credit card informaton from the user's PC to the Web Server.  

0
 
Brijesh ChauhanStaff IT EngineerCommented:
Yes, that is correct, anywhere sensitive data is submited over internet, you need HTTPS, from your pc to web-server, then from web-server to 3rd party, you still have to post info to paypal etc...

Your forms where you collect the information, for example payment info, is HTTPS, which secures the entire flow. So as you suggested the user should have the entire flow as https.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.