Facebook proxy list - Credit Counseling - Loans - Mobile Phones - Mortgages
PDA

View Full Version : How secure is IFrame content?

FastWeb
Sep 17th 2007, 10:01 pm
I have a client that I built a small template site for. He also has one of these pre-built shopping cart websites that he does a small amount of business on. He's the sort of guy that thinks he knows it all, and he wants to "combine" his websites by running the shopping cart site through IFrames on the template site I built for him (which is getting a decent amount of traffic).

The problem is that he wants to include the payment page in the IFrame, and while the payment page is HTTPS, the page on the template site will not be. How secure is the content going to be if he's running his HTTPS site through an IFrame? He is going to do the work himself, and I've recommended he not do so, but he thinks that I'm trying to "screw him out of the cost of an e-commerce site". If he does this, should I drop him from my server because of liability issues?
James WP
Sep 18th 2007, 3:48 am
As far as I know, things like that aren't inherited from a frameset. So as long as the frameset is loading the shopping cart with an HTTPS address, as below, then the frameset's own protocol shouldn't make any difference to security in that regard.

<FRAME src="https://www.example.com/store/cart/">

Maybe someone else can point out anything I've missed.
The Stealthy One
Sep 18th 2007, 7:02 pm
Yes, everything should be fine, security-wise. :)
Philregalo
Sep 19th 2007, 8:18 am
Hi, https means "secured area" and this should start once a client click "Submit" so it's ok if http is on the template sites as long as when you arrive on the payment area of the site https should be there or look for a small padlock on the right hand part of the browser (means secured page). Hope this helps. God bless. ;)
AstarothSolutions
Sep 20th 2007, 3:35 am
It will still be secure but the padlock will most likely not show if it is still within the iframe and the main template isnt secure as the padlock is normally driven by the overall page not the frames
Philregalo
Sep 20th 2007, 5:44 am
If this is so then I will not feel comfortable with this method. I'm not an expert re iframes only on normal web pages so i'll leave it to the experts :) But if I don't see the padlock then I don't feel secure. But if they say it's secure then that will be your choice. God bless. :cool: