Ravens PHP Scripts: Forums
 

 

Doulos
Life Cycles Becoming CPU Cycles


Joined: Jun 06, 2005
Posts: 626

PostPosted: Sun Jan 13, 2008 10:58 am Reply with quote

1. Is an Iframe on the home page of a RavenNuke 2.10 that calls an HTTPS website really secure?

On my test site, which has an Iframe center block that calls an HTTPS address, no security warning is given, but if I call that HTTPS page directly from the address bar a security warning is given.

2. If the answer to #1 is NO, would an Iframe be secure if the main nuke site was https instead of http?

What I am trying to do is set up a billing system (which must be secure) and have it run as an Iframe within a RN2.10 website (so I can take advantage of Nuke Sentinel's security). I do not have a private security certificate on my test site, so the lack of a security warning worries me.
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Sun Jan 13, 2008 3:45 pm Reply with quote

All requests to the HTTP page are not encrypted, but all requests to the HTTPS page should be. The certificate is just whether it is trusted or not - you can still use an unsigned certificate to encrypt data. I personally would consider buying a signed certificate if you do billing, as your users may not want to put their data in with a security warning first.

Doulos
PostPosted: Sun Jan 13, 2008 3:47 pm Reply with quote

Yes, my production site will have a private cert, but the test site only has a shared cert. Thank you for your reply.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Mon Jan 14, 2008 12:38 pm Reply with quote

However, one caveat for someone else who might pick up this thread. If you are controlling the code behind both the main page and the iframe, you're "in business". However, if you are not controlling, say, the code behind the iframe (i.e., the "called" HTTPS page), just keep in mind that JavaScript in a page in one frame can "access" HTML objects that are in the browser in a different frame. So, if there is exploit code running within the iframe, it could do some pretty nasty things to your "users".

It is just one of the reasons why I hate using them. You might be better off using something like PHP's cURL library of functions to go retrieve the page into a variable so that you can then "inspect" the content of that page before including it within your home page or module.

Again, this is most likely not applicable to your specific situation, but I am using it as an opportunity to impart knowledge. If anyone runs into this thread and this post and you have questions about it, please open a new thread specific to your question(s).

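The approach suggested in the post above (retrieve the remote page with PHP's cURL functions, then inspect it before including it), sketched as an added example that is not part of the thread or of RavenNuke. The function names, the deny-list of tags and the sample markup are assumptions made for illustration.

```php
<?php
// Added example, not RavenNuke code; helper names and sample markup are assumptions.

// Retrieve the remote page into a variable: HTTPS only, certificate checks on.
function fetch_remote_page(string $url): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // refuse http://, file://, ...
        CURLOPT_FOLLOWLOCATION => false,           // no silent redirects
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('fetch failed: ' . curl_error($ch));
    }
    return $body;
}

// List the script-capable constructs found in the retrieved markup.
function find_active_content(string $html): array
{
    if (trim($html) === '') return [];
    libxml_use_internal_errors(true);   // tolerate sloppy real-world HTML
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $found = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        $tag = strtolower($el->nodeName);
        if (in_array($tag, ['script', 'iframe', 'frame', 'object', 'embed'], true)) {
            $found[] = "<$tag> element";
        }
        foreach ($el->attributes as $attr) {
            $name  = strtolower($attr->nodeName);
            // Browsers ignore whitespace/control characters inside a URL scheme.
            $value = strtolower(preg_replace('/[\x00-\x20]+/', '', $attr->nodeValue));
            if (strpos($name, 'on') === 0 || strpos($value, 'javascript:') === 0) {
                $found[] = "$name attribute on <$tag>";
            }
        }
    }
    return $found;
}

// Constructed sample standing in for a fetched page.
$sample = '<p>Invoice</p><a href="#" onclick="go()">Pay</a><script src="x.js"></script>';
print_r(find_active_content($sample));
```

An empty result means nothing obvious was found, not that the markup is safe to include; an allow-list sanitizer is stricter than this deny-list check.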
All times are GMT - 6 Hours
 