Geeklog Forums

I have a static page that starts out on my server then it pulls in a page from a paypal secure server. Problem is that there is no indication that they have gone to a secure server (https://...). Does anyone know how to get that little padlock turned on when you a have the secure server static page? Basically indicating the secure serve handshake?

If you are enclosing the payment page in an iframe in a static page, I don't think there is a way to show the lock in the visitor's browser. If you use external pages then the lock could be displayed.

If you pull a page and then retransmit it from your server to your user it probably isn't secure... If you're displaying the page in a frame or an iframe the above comment is accurate. -Vinny

Good information....I think. I'll have to think about that though, it doesn't sound quite right. Once the page loads on the client machine is when the https page is called. So it's not being retransmitted by the server it's being requested by the client. I believe that it's still a secure page but because there are secured and unsecured items it doesn't know how to handle it thus it decides that it's unsecure. The Paypal server side still believes that it's secure. I may have to break out of the nice GL pages so people realize that they are on a secure server or breakdown and secure my server. It's really a hard thing to research. I have a friend that works for Microsquat, I see if he might have an idea.

Just a little update, laying in bed It came to me. I remembered that sometimes in a new installation of a browser IE or NS you will sometimes get a message box stating that you are about to enter or leave a secured server. So this morning while working on making my sites compatible with NS browser I tested my embedded (static and external) pages that go out to a secure server and low and behold a message box popped up telling my that I was about to enter a secure area and that information was encrypted. So knowing this I can tell my users that if they are concerned about security on our site to just turn on notification. However this does bring me back to the issue, If the browser can notify you that you are about to enter a secure area, why can't it give you that indication on the status bar?

If you're using a frame or iframe, you have one page inside the other. If you could see it, the little lock would appear on the internal page's browser frame. What you're seeing instead is the frame for the external page which doesn't have it. Does Paypal have a template which you can customize the look of the payment page to match your site?? If not, then I recommend you just send the visitor to an unframed paypal page. It's kind of tacky but at least the visitor will be reassured his payment is being handled by a secure connection.