Your payment form is not secure. Even though it makes a submission over SSL, the fact that it is hosted on a non-SSL page exposes it to man-in-the-middle attacks. An attacker may, for example, change the iframe URL to something that is controlled by the attacker but looks like the payment form on your site, and trick users into giving them their credit card details.
The fix is simple: make your whole site https and redirect all http traffic over to https. There are cheap SSL certificates out there (as low as $99 a year) and it's pretty easy to set up.
Happy to say we should be fully secure now; all the traffic is going through SSL-hosted pages. I can't thank you enough for bringing this to our attention.
Could I ask you one more favor? Would you check to see if we're as safe as possible now?
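An added example, not part of the original thread: a small Python audit for the condition discussed above, flagging a payment iframe or form whose parent page is served over http and checking that an http request is answered with a redirect to https. The host names `shop.example.com` and `pay.example.com` and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _EmbedCollector(HTMLParser):
    """Collects <iframe src> and <form action> targets from a page."""

    def __init__(self):
        super().__init__()
        self.targets = []  # list of (tag, raw URL)

    def handle_starttag(self, tag, attrs):
        attr = {"iframe": "src", "form": "action"}.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            self.targets.append((tag, value))


def audit_page(page_url, html):
    """Return findings for embeds that are exposed by an insecure transport."""
    parser = _EmbedCollector()
    parser.feed(html)
    parent_secure = urlsplit(page_url).scheme == "https"
    findings = []
    for tag, raw in parser.targets:
        target = urljoin(page_url, raw)  # resolve relative URLs
        if not parent_secure:
            # An https target does not help here: the parent markup that
            # names it travels in cleartext and can be rewritten in transit.
            findings.append(f"{tag} {target}: parent page served over http")
        elif urlsplit(target).scheme != "https":
            findings.append(f"{tag} {target}: http target on https page")
    return findings


def redirects_to_https(status, location):
    """True if an http:// request was answered with a redirect to https://."""
    is_redirect = status in (301, 302, 307, 308)
    return is_redirect and urlsplit(location or "").scheme == "https"


# Constructed sample input (not from the original thread).
SAMPLE_HTML = '<h1>Checkout</h1><iframe src="https://pay.example.com/form"></iframe>'

if __name__ == "__main__":
    print(audit_page("http://shop.example.com/checkout", SAMPLE_HTML))
    print(audit_page("https://shop.example.com/checkout", SAMPLE_HTML))
    print(redirects_to_https(301, "https://shop.example.com/checkout"))
```

The status code and `Location` value passed to `redirects_to_https` would come from requesting the site's http URL with redirect following disabled.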