We are running a Portal application for our client with Payment Gateway integrat

Question

We are running a Portal application for our client with Payment Gateway integrated. Payment gateway uses SSL as it is suppose to be .

The concern for me is that our Portal application does not use HTTPS leaving it susceptible to MITM attacks but since the payment gateway uses SSL , are we still open to MITM attacks? What are the other risks involved ?

Based on the suggestions here , I will try to convince our client to buy a digital certificate from a registering certifying authority if it is needed .

Explanation / Answer

It's often not only the case that "payment information" is the only sensitive information. If your portal requires some sort of "login" (which it undoubtedly does), you allow many parties in between (Internet Cafe owners, ISP's, "hackers", employers, govermenments, ...) to see these credentials and take over the account.

If your portal has anything in terms of recurring payment what they can setup from your unsecured side, or any requests that would affect the subjects account, you offer no protection towards that.

SSL certificates and the benefits they offer (even if it's just a professional and trusted image) far outweigh the cheap price.

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.