iframe是非SSL站点上的SSL安全表单 [英] iframe an SSL secured form on a non SSL site

问题描述

我向客户提出了一个请求，希望其中一个现有表格出现在另一个网站上。

I have a request in from a client that would like one of their existing forms present on another website.

他们想要一个付款表格出现在iframe。

They would like to have a payment form present in an iframe.

当涉及到付款处理时，在SSL网站中将iframing存入非SSL网站会有什么影响？

What, if any, implications are there when iframing in an SSL website into a non-SSL website when payment processing is concerned?

推荐答案

您的用户的浏览器会给他们安全警告，基本上说这是一个不安全的情况。例如，中间人攻击可能会将javascript注入您的非SSL页面，现在您可能会受到攻击。

Your users' browser will give them security warnings that basically say this is an unsafe scenario. For example, a man-in-the-middle attack could inject javascript into your non-SSL page and now you are potentially compromised.

在这种情况下，弹出窗口或平局页面重定向是执行此操作的适当方式。您可能很清楚，在这种情况下，您希望浏览器中100％的内容都通过SSL托管。否则，您无法保证受到保护。这就是这些警告的原因。

In this scenario, a popup or flat-out page redirect is the appropriate way to do this. As you are probably well-aware, you want 100% of content in your browser to be hosted via SSL in this sort of scenario. Otherwise, you simply are not guaranteed to be protected. That's the reason for those warnings.

这篇关于iframe是非SSL站点上的SSL安全表单的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！