w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML videos Categories
Security of connection from insecure site to a secure site

Since the connection to your web site is not secured, an attacker could potentially modify the content of the page (or of any Javascript it includes over HTTP) to replace the Stripe script with a malicious service of their choosing which looks the same, but steals the user's credit card information.


Follow-up:

If my website sends a request to https://www.google.com, is that any less secure than me typing that into my browser?

Yes, it is, because the address being requested may be under the control of an attacker that has modified the contents of the page in transit, and it will not necessarily be apparent to a user if the address has actually been substituted for a different one.





© Copyright 2018 w3hello.com Publishing Limited. All rights reserved.