Is it possible, while being PCI compliant, to have a lightbox popup login that is secure (https) on a non-secure page (http)? If so, would it show the proper security icons/locks on the page?
Https (secure) lightbox login on a http page
1.4k Views Asked by Bobby At
1
There are 1 best solutions below
Related Questions in HTTP
- My get request for http is very slow
- Angular multiple http requests chrome android
- HttpRequestContext vs HttpContext
- Converting curl command to iOS
- getting google contacts using shuttlecloud
- Node.js http.get example
- How can hide url value in php
- Symfony2 - handle HTTP/Entity user access restrictions
- Angular http interceptor responseError doesn't have statusText
- Which of the following hostnames are valid?
- Send Http request at specific time
- Rails - read file from POST request / octet-stream
- Python - Cookies & BeautifulSoup
- Npm requests stopped by home router
- POST Android json data
Related Questions in HTTPS
- HTTP to HTTPS mapping using proxy servers
- How to fix WordPress HTTPS issues when behind an Amazon Load Balancer?
- KeyStore file is not found in jar, although present in jar
- How do I accept a self-signed SSL certificate using iOS 7's NSURLSession
- HSTS: Should I force user to use HTTPS on load balance or web server?
- squid sslbump works with private connection warning
- javax.net.ssl.SSLPeerUnverifiedException: Hostname not verified:
- https post request using httpClient and cert.em
- Added SSL certificate to website, everything runs fine except if someone types https://example.com
- Using HTTPS or encrypt response myself
- redirect https to http for content filtering
- iOS9 ATS: what about HTML5 based apps?
- How to pass https url to a class' constructor that requires URL object as parameter in Java?
- Cannot Read XML file from https:// site
- Problems connecting via HTTPS/SSL through own Java client
Related Questions in SECURITY
- Can MVC.NET prevent SQL-injection at razor or controller level?
- Forgotten password reset page: should the user need to enter a username/email as well?
- Dynamic roles list in CustomAuthorize ASP MVC
- Access roles from multiple applications
- How to Fix TLS CBC Incorrect Padding Abuse Vulnerability on Windows 2003 Server
- Evernote Web Clipper and Content Security Policy
- Invalidate user credentials when password changes
- Spring Boot MVC non-role based security
- Correct Captcha behaviour on error
- Is macro more secure than static const if I don't want someone to know or change the hardcode value?
- In Android, ensuring only pre-decided users can only use the app
- Authenticating plain text passwords against md5 hash in DB using Apache Shiro
- Symfony2 - handle HTTP/Entity user access restrictions
- Client side computation without exposing code?
- searchable row level encryption using java?
Related Questions in PCI-COMPLIANCE
- Best Practices to Minimise PCI DSS Exposure
- Dsiable TLS 1.0 on a specific IP for PCI compliance
- Prevent changing Android SDK
- Payment Card Industry PCI Compliance for Azure PCI DSS AppServices
- Service for Processing Credit Card Information on Mobile Application that is PCI Compliant
- How to pass PCI compliance when MsDeploy requires WMSVC certificate?
- Anyone experience PCI Compliance scan create errors in application server?
- PCI compliant hash of a credit card number
- Is there any PCI Compliant way to show card data after it has been captured?
- PCIDSS masking bank account number
- Paypal vault for recurring payments
- How to Fix SSL Medium Strength Cipher Suites Supported in IIS 6.0
- Costs of PCI Compliance?
- Is it PCI-compliant to serve images (securely) from not just a different subdomain, but a different domain?
- Https (secure) lightbox login on a http page
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
This is vulnerable for multiple reasons. An attacker can just use SSLStrip to remove the https login and MITM the password.
Also why are you just using HTTPS for login? It should be used for the entire life of the session or or its completely and totally useless. You are violating OWASP A9 and this can be exploited with Firesheep.