Call 18866 POTENTIAL SECURITY HOLE!

mike_paterson

ericpode wrote:

If I understand your description correctly then he is not wrong.

SSL (used by browsers when the address begins with "https") is an end-to-end encryption scheme which means that the data remains encrypted from the browser to the end server. This means that the entire request be it a GET or POST is encrypted including the request URL which appears in the first line of the request message.

Having said that I don't think it's such a good idea to have details such as this in the query string of the URL because it can cause this sort of confusion to users.

Thanks for the support !

michaels

spook wrote:

I've just gone through the process myself and I can confirm that the site does use the secure https protocol. So there's no risk of your card details being seen by anyone else. As ericpode says, the request URI is also sent encrypted, so there's really no problem.

THis means that the transaction is secure when it happens - but is everyone here 100% sure that there url history is secure - I understood this was one of the easiest bits of information to fish for?

mike_paterson

michaels wrote:

THis means that the transaction is secure when it happens - but is everyone here 100% sure that there url history is secure - I understood this was one of the easiest bits of information to fish for?

Always use a firewall !

spook

michaels wrote:

THis means that the transaction is secure when it happens - but is everyone here 100% sure that there url history is secure - I understood this was one of the easiest bits of information to fish for?

True - I've just checked my history out of interest and the URL containing my credit card details is still there! (Firefox browser)

(It's a fairly simple matter to delete your URL history, which is what I'll be doing now )

mike_paterson wrote:

Always use a firewall !

And an up-to-date virus scanner.

And keep your operating system up to date.

And your browser.

:rolleyes: