using http based IFRAME in https URL

Question

rkumaram 0 Light Poster

14 Years Ago

I am working on payment module which includes credit card transaction.

I have a domain FOOXYZ.COM (IP: x.x.x.x) which is secured with SSL and I can access it with https://fooxyz.com

Now in fooxyz.com I have a page payment.php https://fooxyz.com/payment.php
In payment.php I am accessing an IFRAME and the source of this iframe is at BARxyz.COM (ip: y.y.y.y)

Means payment.php page at FOOxyz.COM includes
<IFRAME src="http://barxyz.com/bar_payment.php">

Now I want to know is this secure method for online transaction or is it breach of security do I need to secure BARxyz.COM also ???

So that I would use
<IFRAME src="httpS://barxyz.com/bar_payment.php">

Waiting for valuable response, thanx in advance

php

2 Contributors
6 Replies
218 Views
12 Hours Discussion Span
Latest Post 14 Years Ago Latest Post by rkumaram

pritaeas 2,194 ¯\_(ツ)_/¯

14 Years Ago

Well, if it is used in the actual processing I consider it insecure. If it is additional handling and nothing of value is transmitted, note that users will still get a message from the browser that insecure content is being loaded. A lot of users will then abort.

pritaeas 2,194 ¯\_(ツ)_/¯

14 Years Ago

Never mind the last statement.

If you really want to do it using an iframe I'd recommend using SSL on both servers.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

rkumaram 0 Light Poster · Answer 1 · 2010-01-20T15:56:26+00:00

Well, if it is used in the actual processing I consider it insecure. If it is additional handling and nothing of value is transmitted, note that users will still get a message from the browser that insecure content is being loaded. A lot of users will then abort.

Yes I will be doing REAL ONLINE TRANSACTION using iframe. So what is the solution now ?? How can I access an http iframe source in https page so that transation will be seured.

and I didnt get this

If it is additional handling and nothing of value is transmitted

rkumaram 0 Light Poster · Answer 2 · 2010-01-20T16:12:47+00:00

Thank you for quick reply.

So are you sure that I need SSL for both the server ??
For that I have to purchase SSL certificate for second seerver also and that will be costly, but if that is the only solution I will buy it. Waiting for your suggestion.

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 3 · 2010-01-20T16:34:43+00:00

Since you own both servers, is it not possible to move or copy the code to the other machine ?

rkumaram 0 Light Poster · Answer 4 · 2010-01-20T20:33:54+00:00

My desgin is like I have one centralized server and N numbers of servers will be added to it . Number of server attached with centralized box may increase depending upon our requirement.

Currently I have one centralized server and 15 more nodes is added with IFRAME from there .