Results 1 to 2 of 2
Thread: SSL within non SSL frame
Oct 14, 2005, 10:18 #1
- Join Date
- Apr 2002
- Aberystwyth, UK
- 0 Post(s)
- 0 Thread(s)
SSL within non SSL frame
I recently shopped at a site and during the checkout, particularly the page where it asked me for my credit card info. I noticed the URL started with HTTP, and that the padlock DID NOT appear in the browser bar.
The page had a Versign secured seal, and lots of links to this is page is secure with a link to SSL info. So I dug a little deeper horrified at what I was seeing. I then noticed that the whole site was made up of frames. The top, left and right columns, the standard site information and the main frame non SSL. However the checkout page, which was displayed within the frame was covered with SSL.
So although the main page was not HTTPS the part of the site where I entered my Info was covered. But this got me thinking, firstly they must be loosing a lot of business, because people are told to look for the HTTPS in the URL and the little padlock symbol, which with this site are not shown because the secure page is loaded in a frame.
I got wondering how secure is this, is this still secure, or is there a security flaw here, apart from the trust issues, are there any other problems?