Seamless Payment forms security problem + Workaround [updated]


they all,

i think 1 important make sure folk aware of if not already. have tempory sollution here , have asked possible sollution bc team.

 

you may have seamless payment gateway , few forms on sites using take payments. making sure links page https , under worldsecuresystems.

 

there several issues in terms of security , 1 not considered if know others.

 

1. if client or forgets update links secure page non secure version of page. if add page content via custom links unsecure.

 

2. google come across page , http unsecure page.

 

3. 1 may not realise if have site search , page form shows - url of - default.aspx?...... , lots of paramater values page id.

problem is not secure.

 

i have dropped messge engineers this, considering recent focus on tighting of security aspects of bc consider ability unsecure version of page should secure url 1 needs addressed.

 

i suggested there should tick box on page in admin says "https url" or create perminant redirect worldsecuresystems url.

if thinking "use 301 redirect field" - redirect error because secure external, wont work.

 

so till bc soemthing?

 

i made function , call in manner below:

 

function securepageredirect() {        //current url check       var secure = (window.location.protocol === 'https:');       // if page function runs on not https.       if ( secure == false) {            //log path of url            var currenturlpath = window.location.pathname;            // redirect            if ( currenturlpath.indexof("default.aspx")   ) {                var getparams = location.search;                window.location = website.secure_url+currenturlpath+getparams;           }           else {                window.location = website.secure_url+currenturlpath;                     }       }  }

then when call function:

 

with jquery in mind

 

if ( $(".seamlesspaymentform").length ) { securepageredirect(); }

 

what run if have class on page. put it? put class on form itself, know when call form secure.


so happen?

 

here example: http://www.laidlaw.ac.nz/en/news-and-events/alumni-gathering-registration

this non secure version of page when finishes loading see redirects https version of url

 

update: updated code work search , default.aspx

legend! sharing liam!

 

i've asked dev team implement feature when implemented bookings , i'm sure it's on backlog , never got it. should replicate "requires payment" checkbox , 302 redirect functionality bookings. works treat!

 

-m



More discussions in Business Catalyst


adobe

Comments

Post a Comment