Question : Security with an IFRAME

I have two domains (call them DomainOne and DomainTwo). The first domain, DomainOne, has no security certificate. I would like to submit credit card processing in the second domain, which has a security certificate, from a page located in the first domain. My plan would be to use an IFRAME in a page called from the first domain (ignore the formatting of the IFRAME):

https://www.DomainTwo<wbr />.com/Input<wbr />Form.cfm</a>"><wbr />

InputForm.cfm would contain the form for a credit card, and the submit button, and the form would submit to a second page also in DomainTwo.

Would all data entered into the form, and then processed, be kept encrypted throughout. Clearly, the question is whether there is any point at which credit card data could be intercepted.

Answer : Security with an IFRAME

> Would all data entered into the form, and then processed, be kept encrypted throughout.
yes (if the form is inside the page of the iframe's url)

But from the point of view of a user iframes are the worst you can do as the user does not get an idea what really happens without inspecting the pages source (which is a pain in IE).
Iframes are like having 2 browser windows, hence there is no complain if you mix http and https iframes in one page, it's "legal" according w3c specifications, and it's technical secure.
If you think secure (taking care about your users too), get rid of iframes.

Random Solutions

Looking to contact leew

Java proxy script questions

DHCP on HP Procurve 8212zl Vlans

Changing Network IP Address Range & Enabling DHCP

DNS Forwarding and email

Lotus Notes / Domino Migration to Gmail Issue

Need help with my Veritas backup...

FTPs and Passive FTP not working behind Cisco PIX 515E

Windows XP will not load any network cards

How to update and Out of Office reply