Hosting OrderForm http vs https

Hey guys,

I'm having a discussion with a friend of mine who says that it's OK to host OrderForm on a regular http server as long as you pass info to a secure host...for example...

Let's say that I have an order form

http://website.com/order.php

and there I collect all the info, like name, email, CC number..

and then I post that info to secure processing, let's say Infusionsoft for this example....

to this link: https://website.infusionsoft.com/AddForms/processFormSecure.jsp

My friend says that this is OK, and completely secure because the actual order is processed by a secure host......while I say it's not OK, and that my OrderForm needs to be on a secure host also, and needs to be accessed from https://website.com/order.php

Who's right and who's wrong?

Thanks!
#hosting #http #https #orderform
  • phpbbxpert
    He is correct.

    As long as you are just passing the information to an https URL it's fine.
    But I would avoid passing CC numbers either way.

    CC numbers are a huge liability so let the site handling the payment process deal with those if possible.

    There are other issues that can make a form insecure other than the URL it is posting to.
    If the site has a vulnerability in it (say a poorly coded form, or weak FTP passwords), it is very easy to leave a sniffer to scrape the input of that form.
    Which is why I suggest leaving the CC# part out.
    • tomster
      Thanks for your reply...

      I actually have to host the whole order form on my server because I need some custom design on it...

      So, it's better to use a server with SSL and an https URL....I mean, after all, everybody is recommending that...
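
As an added example (not part of the original thread): a small Python check for the setup discussed above. It flags a form that collects sensitive fields when the page serving it is loaded over http, because that page's markup, including the form's action, reaches the browser without integrity protection, and it separately flags an http submit target. The `SENSITIVE` name list, `FormCollector`, `audit` and the sample markup are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Field-name fragments treated as sensitive (assumed list; tune for your forms).
SENSITIVE = ("card", "cc", "cvv", "cvc", "password")

class FormCollector(HTMLParser):
    """Collect each <form>'s action and the names of its input fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._open)
        elif tag in ("input", "select", "textarea") and self._open is not None:
            self._open["fields"].append((a.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit(page_url, html):
    """Return (action_url, sensitive_fields, findings) for each form on the page."""
    parser = FormCollector()
    parser.feed(html)
    page_secure = urlparse(page_url).scheme == "https"
    report = []
    for form in parser.forms:
        action = urljoin(page_url, form["action"])  # empty action posts back to the page
        sensitive = [f for f in form["fields"] if any(s in f for s in SENSITIVE)]
        findings = []
        if sensitive and not page_secure:
            findings.append("form page served over http: markup and action are not integrity-protected")
        if sensitive and urlparse(action).scheme != "https":
            findings.append("form submits over http: field values sent in cleartext")
        report.append((action, sensitive, findings))
    return report

# Constructed sample modelled on the setup in the thread.
SAMPLE = """<form method="post"
 action="https://website.infusionsoft.com/AddForms/processFormSecure.jsp">
<input name="name"><input name="email"><input name="cc_number"></form>"""
```

Calling `audit("http://website.com/order.php", SAMPLE)` reports one finding for the form; the same markup audited at the `https://` URL reports none.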