Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have some important checkout pages that are served via an iframe within a secure page. It works great however (if they knew the URL) a user could still access the page directly. Is there anyway to check that a page is being served via and iFrame and deny direct access?
No. Even if there was it would be easily spoofed(it’s not to hard to create a blank html page with a single iframe). I would suggest you to rethink you security strategy.
For example you can use some unique URL to reference your page which would be generated by parent page eg.
On the check out page you will haveto check that id is unique and was never used before and that the hash corresponds to this id. For hash you can use md5 with salt(md5(id.$salt)).
This would be quite secure (as long as $salt kept secure).