I had this exact same thing happen. I emailed their webmaster and explained why it was insecure, and they still swore I had no idea what I was talking about. It was fixed a couple of weeks later. > -----Original Message----- > From: Dave Sherohman [mailto:esper at sherohman.org] > Sent: Friday, January 05, 2001 10:04 AM > To: 'tclug-list at mn-linux.org'; TCLUG > Subject: Re: [TCLUG] OT: Secure web without https? > > > On Fri, Jan 05, 2001 at 01:32:43AM -0600, Austad, Jay wrote: > > View the source of the page. If the form submit's the data > to an https:// > > url, then you should be able to consider it secure. Many > sites outsource > > their card processing, and some card processors will accept > data from a POST > > operation to their site from the customers web page. > > > > Go over the HTML carefully though to be sure. > > A side note on this: > > I've encountered one site which had this backwards: They > swore up and down > that their credit card info page was "certified 100% as > secure as it gets", > and it was - the page was served via https. But the submit > button was an > http link. Fortunately, Netscape caught this and warned me > about it. (But, > of course, when I told them about it, they told me I didn't > know what I was > talking about, repeated their litany about how secure the > form is, and, > ultimately, did nothing about it.) > > So cravat empty and all that stuff. > > -- > SGI products are used to create the 'Bugs' that entertain us > in theatres > and at home. - SGI job posting > Geek Code 3.1: GCS d? s+: a- C++ UL++$ P++>+++ L+++>++++ E- > W--(++) N+ o+ > !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G > e* h+ r y+ > _______________________________________________ > tclug-list mailing list > tclug-list at mn-linux.org > https://mailman.mn-linux.org/mailman/listinfo/tclug-list >