Secure transaction in iFrame

I have a photography site http://williammacdesign.com/Purchase/yosemite.html with a third party commercial vendor (Shutterfly) that I use for processing and delivery of my images. All of their online business is fully secure for credit card transactions. Embedding my Shutterfly galleries works really well in an iFrame embedded in my pages. The transaction carries all the way through in iFrame.

I think the security of the transaction (credit card submission process) is maintained within the iFrame. The problem is how will my savvy customers feel comfortable when they don’t see the https url during the purchase process? Or am I wrong in thinking the security doesn’t carry through the iFrame?

Bill


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Some browsers won’t allow this sort of mixed-mode, or at least will
flag it as a potential attempt at confusing the visitor. But you are
correct that if the secure stuff all happens within the iframe, and
never targets anything outside of its iframe, then there’s actually
no way for the browser or the server to tell the difference between
that and loading the content of the iframe into a new browser window.

But perception is, as you say, where the problem lies, and I don’t
know if the browser will signal (with its little lock icon) that the
page is secure if it’s actually looking at the outer page.

Walter

On Nov 9, 2008, at 9:45 AM, Bill McCarroll wrote:

I think the security of the transaction (credit card submission
process) is maintained within the iFrame. The problem is how will
my savvy customers feel comfortable when they don’t see the https
url during the purchase process? Or am I wrong in thinking the
security doesn’t carry through the iFrame?


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options