[thelist] Iframes on IE6 on a clean installed Windows XP w. SP2
Andrew Clover
and-evolt at doxdesk.com
Thu Dec 2 11:01:50 CST 2004
Mattias Hising <hising at home.se> wrote:
> From the usercontext-url, we will consume pages from a different
> subdomain via SSL in inline-frames.
> security-changes Microsoft made with Service Pack 2 on Internet
> Explorer 6 may make this solution obsolete.
I believe the security issues are more to do with cross-frame scripting
and externally navigating the frame than with embedding one site in
another as such. Should be okay as long as you don't need the subframe
to communicate with the top frame.
However, by framing the secure stuff in an unencrypted container you
won't be able to get the padlock lit up, which would be a no-no for most
people if they're asked for card details. Where something important like
payment processing is concerned, it's usually best to keep it as simple
as possible.
--
Andrew Clover
mailto:and at doxdesk.com
http://www.doxdesk.com/
More information about the thelist
mailing list