Jump to content

Recommended Posts

Is this what you want?

 

http://stackoverflow.com/questions/6130436/is-posted-information-from-non-ssl-to-an-ssl-secure

 

So, it's secure, but the form page isn't SSL, and this might scare the buyer.

 

If you loop closely at the picture, they are telling you that your form must be HTTPS.

The idea is to avoid purchasing SSL

1.png

 

Zane, sounds like your client is going to need to weigh the costs / benefits of using either a 3rd party checkout system and paying their fees or purchasing an SSL.  Which will cost more? 

 

The client is teeter-tottering on the credit card transaction fee percentage.  Paypal and Google Checkout have a 2.9% + $0.30 fee, while their Merchant is (somehow?) hooking them up with a 1.58% fee.  I went ahead and set up a sandbox account and used the SIM integration method just to check it out.  There are still a few variables I need to figure out, but it seems I may be able to get away with no getting an SSL.  The form action posts to a https address hosted on Authorize.net, which is exactly what I need.

 

Now I just need to make sure I meet the requirements.

Watch out, having the form on a non-secure page opens yourself up to MitM.

 

If an attacker were to manage to compromise the stream between your webpage and the server's, it's possible to modify the HTML before passing it through, changing your form's action.

 

Though, this form of attack isn't exactly easy unless your client's on weak WiFi when he/she does it.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.