Paynet Direct - Scary security warning in MSIE

Author Message

Håvard Bell

Thursday 10 November 2005 1:19:51 pm

Hi!

We have purchased the Paynet Direct solution. We are very happy with the way it looks so far, except for one major concern:

In MSIE, after a user has entered his credit card information, and pushed the purchase button, he gets the following message from MSIE: "You are about to be redirected to a connection that is not secure. The information you are sending to the current site might be retransmitted to a nonsecure site. Do you wish to continue?"

To a novice, this is a scary message after you have just sent of your dear creditcard number.

In Firefox, this message does not, which is correct, appear. We know that the information is not transmitted to the non secure connection. To bad MSIE do not know this...

Does anybody have any solution to this. Does someone from the eZ Crew know about this, or better, have a solution?

Thanks for any input!

~ Hav.

Raymond Bosman

Friday 11 November 2005 1:22:48 am

Hi Håvard,

We are aware of this problem. One way to solve it, is to keep the connection secure until the order overview page. Any link from there should redirect the user to a non-secure page.

We hope to include this solution in the next eZ publish and Paynet direct release.

Raymond.

Håvard Bell

Friday 11 November 2005 2:07:41 am

Hi Raymond,

Thanks for the reply.

This was the solution I thought of as well, but were unable to locate the right place in the PHP code. Would you know which file this redirect happens?

Thanks,

~ Hav.

Raymond Bosman

Friday 11 November 2005 2:44:59 am

The redirection from secure to non-secure and vice-versa, happens in the file:

eventtypes/paynet/ezpaynetdirect/ezpaynetdirecttype.php

Remember that the execute() method in this file is called by the workflow process.

Good luck,
Raymond.

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.