On Fri, Jul 9, 2010 at 1:22 AM, ropers <rop...@gmail.com> wrote: > On 22 May 2010 11:01, Lyn Done wrote: >> Sorry that you have concerns about buying from us. >> >> We have moved to a new, more secure ecommerce system which is compliant >> under PCI-DSS, so that you need have no concerns about the security of >> entering your personal or card details. We were unable to transfer across >> the information from the old system, so that yes, you can use your previous >> details on the new site or different details - you can change this >> information at any time in the future. Once you enter any information on the >> login page, then it forces an https call, so the site is totally secure with >> your details. > > I admit that I'm a bit ignorant here, as I've myself never > administered an SSL web site, but I am not convinced by this: Doesn't > the above just mean that it switches to HTTPS *after* transmitting my > information in the clear? Or can someone else explain if and/or how > the above is sane? >
>From a quick glance at the website: You get an empty form delivered over plain http. The form submits to an https page. This means the content of the form is only transmitted over https. -- Floor Terra <flo...@gmail.com> www: http://brobding.mine.nu/
