frames AND SSL

[cyanide]

okay all you frame lovers ! and anyone else ofcourse.

I just came across this site (URL witheld), that uses frames.
They are selling this book and for fun I click on the 'buy now' button.

A new 'inner page' comes up with a standard form for paypal. It has all the usual stuff, name, address and then I see 'credit card no.'

Well I look around and see no padlock or https !!

ahhh, okay, I just right-clicked the 'inner page' and it is being called straight from paypal and it is secured.

okay, so Im assuming that even though the outer page is not SSL encrypted that the transaction will be ??

still though, people are savvy enough now to look for https and the padlock, no? shouldn't this site owner secure the entire page, just to give people peace of mind ??

comments, experiences ??

[mpnev]

IMHO they should secure the entire page... but then again, I'm not a fan of frames, heh

I think this is in the wrong topic category ;)

[cyanide]

they should secure the entire page

that's what I'm thinking

I think this is in the wrong topic category

really ? well, it's an e-commerce issue, isn't it ?
where should it be ?

[mpnev]

Yes, you are correct - ecommerce issue... Notice the time I posted that? hehe... I was sleepy...

[cyanide]

... I was sleepy

I hear you me too !

[Islands]

Well I look around and see no padlock or https !!

still though, people are savvy enough now to look for https and the padlock, no? shouldn't this site owner secure the entire page, just to give people peace of mind ??

Cyanide
I'm glad the little gold lock makes you happy but, don't rely on it to make you secure. SSL only encrypts data in transit on the Internet and nothing else! An in-transit hack is very unlikely, SSL certificates can be faked, SSL certificates can allow unsigned code to run as trusted code, and more often than not an SSL certificate is for the box hosting the website, not the website itself.

Much more important when shopping at an Internet store is to know what security measures the host takes to protect your information.

[SecureCart]

Hello,

A solution we offer to our "frame design" clients is to make the product post to a new browser window.

This way the lock/key will show the page as secure.

Frames should not be used for ecommerce designs as you described.. the url is not SSL enabled unless the entire URL is https: at all times.

http://www.securecart.com

[pete61uk]

From what I've observed of most e-commerce sites, if SSL is used and you've selected a "buy me" control it should come up with a warning panel telling you you are opening a new browser with a secure connection and ask if you wish to proceed.

Once in you should have the padlock you desire

[Shift4SMS]

I'm glad the little gold lock makes you happy but, don't rely on it to make you secure. SSL only encrypts data in transit on the Internet and nothing else! An in-transit hack is very unlikely, SSL certificates can be faked, SSL certificates can allow unsigned code to run as trusted code, and more often than not an SSL certificate is for the box hosting the website, not the website itself.

You are 100% correct. But the problem is that the average surfer has the impression that the little gold lock means secure so you will lose orders if it is not showing.

The only way to get the little gold lock to show with frames is to have the entire frameset downloaded via SSL, not just the child frames.

[solinem]

My webpage has frames and everything (I guess), comes from an SSL conection, but the there isn't a "lock".
Am I doing something wrong?

Best regards

Marco