

Returning from https site to http php application

Posted on 2012-08-12
Last Modified: 2012-08-13
I have a php application that posts a shopping cart order to network merchants for credit card processing.  I have selected to have the response posted to my php application that is running on a http site.  Only a response code is coming back, but when I test it I get the warning message about moving from a secure to unsecure site.  The credit card transaction has already happened, but do I still need a certificate or is there another way to handle this response from network merchants?
Question by:farmingtonis
LVL 31

Accepted Solution

Frosty555 earned 2000 total points
ID: 38285928
The warning is happening for a good reason.

Despite the fact that your users are on a secure HTTPS site (which would lead them to believe that the transaction is secure), you are having a response containing some of their order information posted to your HTTP site in an insecure manner. Regardless of how harmless the data being transmitted is, the situation is misleading to the customer; that's why they are getting the warning message.

There are two options:

1) Do not do a form POST. Just link to or redirect to your landing page. I'm pretty sure in that case there is no warning message, because no data is being transmitted. Of course this means no data gets posted to your PHP application, users just arrive there after completing the order. Perhaps if you only need a response code, you can put it into a GET parameter in the URL, rather than POSTing it?

2) If you must transmit data about the customer's order to your own php application via a form post, then secure it with an SSL certificate.
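
Option 1 above moves the response code into the URL, where the customer can read and edit it, so the landing page should treat it as untrusted input. The following is an added example, not part of the original answer and not Network Merchants' API: it assumes hypothetical parameter names `order`, `code` and `sig`, and that whoever builds the redirect can sign the values with a secret shared with your application.

```php
<?php
// Added example. Assumed, not from the original post: the parameter names
// "order", "code" and "sig", and HMAC-SHA256 over "order|code" with a shared secret.
const SHARED_SECRET = 'constructed-placeholder-secret'; // load from config in practice

/** Returns the response code if the query string is authentic, otherwise null. */
function verified_response_code(array $query, string $secret): ?string
{
    foreach (['order', 'code', 'sig'] as $name) {
        if (!isset($query[$name]) || !is_string($query[$name])) {
            return null; // missing, or an array such as ?code[]=1
        }
    }
    // Strict formats: numeric order id, 1-3 digit code, 64 lowercase hex characters.
    if (!preg_match('/\A[0-9]{1,12}\z/', $query['order'])
        || !preg_match('/\A[0-9]{1,3}\z/', $query['code'])
        || !preg_match('/\A[0-9a-f]{64}\z/', $query['sig'])) {
        return null;
    }
    $expected = hash_hmac('sha256', $query['order'] . '|' . $query['code'], $secret);
    // hash_equals compares in constant time.
    return hash_equals($expected, $query['sig']) ? $query['code'] : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input: one authentic query, one with the code edited afterwards.
    $good = ['order' => '1042', 'code' => '200'];
    $good['sig'] = hash_hmac('sha256', '1042|200', SHARED_SECRET);
    $tampered = array_merge($good, ['code' => '100']);
    var_dump(verified_response_code($good, SHARED_SECRET));     // signature matches
    var_dump(verified_response_code($tampered, SHARED_SECRET)); // signature no longer matches
} else {
    $code = verified_response_code($_GET, SHARED_SECRET);
    if ($code === null) {
        http_response_code(400);
        echo 'We could not confirm the status of this order.';
    } else {
        // Escape on output even though the format check already restricts the value.
        echo 'Order response code: ' . htmlspecialchars($code, ENT_QUOTES, 'UTF-8');
    }
}
```

If the redirect cannot be signed, the same handler should use the parameter only to pick a message and confirm the order's real status from a server-side record.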
LVL 111

Expert Comment

by:Ray Paseur
ID: 38286017
What Frosty555 said!  No points for this -- I just want to second his excellent recommendation. ~Ray
LVL 31

Expert Comment

ID: 38288239
Wow, a hat-tip from Ray - I'm honoured!

Question has a verified solution.
