> I've always put any forms that collect credit card information behind a
> secure connection, https, figuring that sending that information from the
> client browser to the server should be secure, but I'm having convincing a
> client that it is necessary.
> He instead insists that only the call to the credit card processor's server
> needs to be secure and of course the processor supplies the connection
> there.
> But doesn't also the form need to be secure since you're sending CC
> information from that form back to the web site's server?

Yes. Any connection to you where your punter supplies CC details
should be secure. If the punters ISP runs a transparent proxy for
example, then these details could be easily captured if not sent over
a secure connection.

Richard Heyes

HTML5 Canvas graphing for Firefox, Chrome, Opera and Safari:
http://www.rgraph.net (Updated April 11th)

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to