
HTTPS not enforced on the cart page.


It appears that the actual payment info form is loaded into an iframe or something similar. This is okay if that connection is encrypted, but extremely unnerving since the main page does not show as secure. It's not difficult or expensive to implement SSL on your site. I was able to manually type the https into the URL and it switched to encrypted, but I shouldn't have to do that. At least not for the cart page. Seriously guys, this has been a standard for like 15 years.


From another thread in the Report a Bug section :

 

"Here's the response from our web team, it matched my understanding but I wanted it to be accurate:

 

All website requests to the systems that do indeed require SSL are already doing so. Those systems cannot talk over unsecured (HTTP for example) protocols. The majority of the website is unencrypted as it does not contain any sensitive information. Whenever a request is made to the systems that handle secure information, this is always run over HTTPS."


I understand that.  That wasn't my issue.  The issue is that it isn't VISIBLE on the cart page.  They need to enforce HTTPS on that page to clarify that it is indeed encrypted to the end user.  This is basic 101 web design.  If you want people to feel comfortable giving you money, you need to reassure them that everything is legit when they are checking out.


I agree that it would probably make some customers feel more comfortable when purchasing items on the website. They're constantly working on the website and are still adding security measures and features to it, so probably when / if they feel it's needed they'll change it. :)


No offense to the developers, but iframes are very tacky and unprofessional looking to begin with, frames went out of common use a decade ago and all but iframes have been removed since HTML4 leaving only the iframe libraries but even then large frames with no boundaries can be a security risk; a frame large enough can be used for phishing!  I know 90s habits die hard, but this has to do with people's sensitive data here.

Edited by Psyctooth
My hubris is the size of a 2 by 4 nailed to the side of a YF-12 jet barrel rolling into a volcano piloted by a Tyrannosaurus Rex.


No offense to the developers, but iframes are very tacky and unprofessional looking to begin with, frames went out of common use a decade ago and all but iframes have been removed since HTML4 leaving only the iframe libraries but even then large frames with no boundaries can be a security risk; a frame large enough can be used for phishing!  I know 90s habits die hard, but this has to do with people's sensitive data here.

 

I personally don't think it's very bad and just think you're being picky. The devs have a lot on their plate to bring our awesome community together and their efforts should be concentrated there.

☆ We are in a positive posting drought, so just post. Be the change you want the forums to be. Go wild. Just follow your positive posting star. ☆
☆:*´¨`*:.•.¸¸.•´¯`•.♥.•´¯`•.¸¸.•..:*´¨`*:.☆

(¯`’•.¸*♫♪♥(✿◠‿◠)♥♫♪*¸.•’´¯) Member of the Pro-ACE Club (¯`’•.¸*♫♪♥(✿◠‿◠)♥♫♪*¸.•’´¯)

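The situation discussed in this thread, a cart page reachable over plain HTTP that embeds an HTTPS payment frame, can be checked mechanically from a fetched response. The following is an added example, not part of the original posts or the site's code; the hosts `shop.example` and `pay.example`, the function `audit_page` and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a cart page that embeds a payment form in an iframe.
# shop.example and pay.example are placeholder hosts, not the site in the thread.
CART_HTML = '<h1>Cart</h1><iframe src="https://pay.example/form"></iframe>'


class FrameCollector(HTMLParser):
    """Collect the src attribute of every <iframe> in a page."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "iframe" and src:
            self.frames.append(src)


def audit_page(page_url, status, headers, html):
    """Return findings for one already-fetched response (no network access)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    scheme = urlsplit(page_url).scheme
    findings = []
    if scheme == "http":
        target = urljoin(page_url, hdrs.get("location", ""))
        if status in (301, 302, 303, 307, 308) and urlsplit(target).scheme == "https":
            return findings  # plain-HTTP request is redirected to HTTPS
        findings.append("served over http with no redirect to https")
    elif "strict-transport-security" not in hdrs:
        findings.append("https response has no Strict-Transport-Security header")
    collector = FrameCollector()
    collector.feed(html)
    for src in collector.frames:
        child = urlsplit(urljoin(page_url, src)).scheme
        if child == "http":
            findings.append(f"iframe loaded over http: {src}")
        elif scheme == "http" and child == "https":
            findings.append(f"https iframe inside http parent page: {src}")
    return findings


if __name__ == "__main__":
    for line in audit_page("http://shop.example/cart", 200, {}, CART_HTML):
        print(line)
```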
