• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 562
  • Last Modified:

Returning from https site to http php application

I have a php application that posts a shopping cart order to network merchants for credit card processing.  I have selected to have the response posted to my php application that is running on a http site.  Only a response code is coming back, but when I test it I get the warning message about moving from a secure to unsecure site.  The credit card transaction has already happend, but do I still need a certificate or is there another way to handle this response from network merchants?
  • 2
1 Solution
The warning is happening for a good reason.

Despite the fact that your users are on a secure HTTPS site (which would lead them to believe that the transaction is secure), you are having a response containing some of their order information posted to your HTTP site in an insecure manner. Regardless of how harmless the data being transmitted is, the situation is misleading to the customer, that's why they are getting the warning message.

There are two options:

1) Do not do a form POST. Just link to or redirect to your landing page. I'm pretty sure in that case there is no warning message, because no data is being transmitted. Of course this means no data gets posted to your PHP application, users just arrive there after completing the order. Perhaps if you only need a response code, you can put it into a GET parameter in the URL, rather than POSTing it?

2) If you must transmit data about the customer's order to your own php application via a form post, then secure it with an SSL certificate.
Ray PaseurCommented:
What Frosty555 said!  No points for this -- I just want to second his excellent recommendation. ~Ray
Wow, a hat-tip from Ray - I'm honoured!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now