HomeDesigning Your WebsiteHTML, CSS, and Javascript

Security risks with iframe

swordfish posted this at 16:33 — 4th November 2008.

They have: 2 posts

Joined: Nov 2008

Hi Friends,

I had bookmarked this forum some time ago and totally forgot about it. In the meantime I had many questions arising time to time during projects and was only able to find answers through Google searches. Now I realize being the member of a community brings many advantages, so cutting it short, here is my question:

I am using an iframe on one of my websites. The iframe source is an external website and it has a secure part as well. My question is, when a user communicates through my website which is hosted on http, and it uses an external website which has some bits on https, What would you say about the security? Is there any security risk involved in this approach and is the communication safe?

Thank you very much for your time in advance,

cheers

swordfish

decibel.places posted this at 17:17 — 4th November 2008.

decibel.places's picture

He has: 1,494 posts

Joined: Jun 2008

An iframe is a separate window - I do not think it poses any additional security risks

I believe the https protocol is preserved within that window

However, many "secure" sites will prevent you from displaying them in any window other than the top browser window

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.