[thelist] Secure Site Expiration
William Anderson
neuro at well.com
Sun May 5 17:00:01 CDT 2002
----- Original Message -----
From: "Belinda Johnson" <belinda at prodsol.net>
To: <thelist at lists.evolt.org>
Sent: Sunday, May 05, 2002 3:52 PM
Subject: [thelist] Secure Site Expiration
> An associate of mine has a secure shopping cart site but for certain items
> they actually link to a different third party company who handles those
> particular items (name badges for example). The thid party company's site
> does NOT show the lock on the browser window and is NOT an https address -
> even when it gets all the way to the end of the shopping process to put in
> the credit card information.
>
> When we questioned it we were told "he assured me it was secure, but that
> their security had expired and though it was renewed, the company had not
> added the lock back."
>
> Am I correct that this is either pure BS, or he is honestly ignorant?
It's pure BS - I just went through the cart process (not using my real
details) and the page with the credit card form on it is NOT secure, and the
form which submits the cc info at this stage uses <FORM name=frmPay
method=POST> i.e.; it will submit the info to the same script UNSECURELY,
which then hands off to a 'confirmation' page, which submits to a secure
server - https://secure.authorize.net/gateway/transact.dll.
have a quick look at http://crap.zensoft.net/files/2002/05/05/insecure.png
and you'll see that the page is certainly NOT using SSL (and it's not a
frameset).
They are fobbing you off with crap - I would not suggest using them further.
I personally would never submit my cc details insecurely.
--
_ __/| ___ ___ __ _________ "Hell hath no fury like a woman scorned
\`O_o' / _ \/ -_) // / __/ _ \ for Sega." -- Brodie, 'Mallrats'
=(_ _)=/_//_/\__/\_,_/_/ \___/ @ well.com :: William Anderson
U - Ack! Phttpt! Thhbbt! http://neuro.wasters.com/
More information about the thelist
mailing list
