I am creating a website for a sports center. Registration is controlled through a third-party software program. There are options to register directly through the third party site or to integrate the registration form in my site with iframes.
Since I did not want to send people to any other site, I went with the iframes option. My question is, can I be convinced that people are completely safe on a third-party page Will you get similar level protection in iframe?
Thank you.
This design is more prone to you. I advised to see the video of the talk of Maxi Marlenspic. Although such an attack is not common in practice
this will not violate iframe, although if you are planning to log in to the HTTP site, or if you are sending a session ID over HTTP It will be obvious violation of OWASP A9
In essence, https is essential to protect your users.
Comments
Post a Comment