Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a request in from a client that would like one of their existing forms present on another website.
They would like to have a payment form present in an iframe.
What, if any, implications are there when iframing in an SSL website into a non-SSL website when payment processing is concerned?
Your users’ browser will give them security warnings that basically say this is an unsafe scenario. For example, a man-in-the-middle attack could inject javascript into your non-SSL page and now you are potentially compromised.
In this scenario, a popup or flat-out page redirect is the appropriate way to do this. As you are probably well-aware, you want 100% of content in your browser to be hosted via SSL in this sort of scenario. Otherwise, you simply are not guaranteed to be protected. That’s the reason for those warnings.