Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum
https://www.tinywebgallery.com/forum/

Privacy and security risk if https domains on both ends?
https://www.tinywebgallery.com/forum/viewtopic.php?f=21&t=4189

Author:  flitedocnm [ 26. Nov 2016, 09:24 ]
Post subject:  Privacy and security risk if https domains on both ends?

I'm a brand new user trying out Advanced iframe for the first time. So far, I love it! Absolutely no problem embedding two different sites, all are https, with different domains on both ends. The documentation is superb. I plan to upgrade to the Pro version.

But one question: One of the embedded sites contains "Protected Health Information (PHI)", and the other embedded site is for online bill payment. As compared to a user going directly to those sites rather than visiting them as embedded sites, is there any increased security risk? Because all the data transmissions should be encrypted with https on both ends, and nothing will be stored on my site, I'm assuming (and hoping) that the answer is that there is no increased security risk by having them embedded. Is that correct? (As you may know, in the U.S., the "HIPAA" rule imposes enormous penalties if there is any security breach involving PHI.)

Thank you!

Author:  TinyWebGallery [ 27. Nov 2016, 23:22 ]
Post subject:  Re: Privacy and security risk if https domains on both ends?

If you are on different domains, the parent does not know what is in the iframe.

iframes are seen as a security risk because you can, e.g., include hidden iframes in pages that do something.
But this always means that the site has been hacked already!

So if PHI is secure I don't see any problem if it is included somewhere.

I only see problems if you mix http and https, as described here:
http://www.tinywebgallery.com/blog/iframe-do-not-mix-http-and-https

But if both sites are https, you can see from the features I can offer that you are quite limited already!

Best, Michael
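
The three conditions raised in this thread (cross-domain frames the parent cannot read, http mixed into an https page, and hidden iframes) can be checked on an embedding page with a short audit. This is an added example, not part of either post or of the Advanced iframe plugin; the function name, the sample page and all `example.test` URLs are constructed for illustration.

```javascript
// Added example: classify every <iframe> in a page's HTML.
// Regex parsing is enough for an audit of your own templates; it does not
// handle attribute values that contain ">".
function auditFrames(parentUrl, html) {
  const parent = new URL(parentUrl);
  const findings = [];
  const tagRe = /<iframe\b([^>]*)>/gi;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const attrs = {};
    const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    let a;
    while ((a = attrRe.exec(tag[1])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4];
    }
    if (!attrs.src) continue;
    const src = new URL(attrs.src, parent); // resolves relative src values
    const style = (attrs.style || "").replace(/\s+/g, "").toLowerCase();
    findings.push({
      src: src.href,
      // Different origin: the same-origin policy stops parent scripts from
      // reading the framed document (and the frame from reading the parent).
      crossOrigin: src.origin !== parent.origin,
      // https parent with an http frame: browsers block it as mixed content.
      mixedContent: parent.protocol === "https:" && src.protocol === "http:",
      // Invisible frames deserve review: who added them, and why?
      hidden: attrs.width === "0" || attrs.height === "0" ||
              /display:none|visibility:hidden/.test(style),
    });
  }
  return findings;
}

// Constructed sample page and URLs.
const SAMPLE_PARENT = "https://clinic.example.test/patients";
const SAMPLE_HTML = `
  <iframe src="https://records.example.test/portal" width="800" height="600"></iframe>
  <iframe src="http://pay.example.test/bill" width="800" height="600"></iframe>
  <iframe src="/widget.html" style="display: none"></iframe>`;

for (const f of auditFrames(SAMPLE_PARENT, SAMPLE_HTML)) {
  console.log(f.src, JSON.stringify(f));
}
```
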

All times are UTC + 1 hour [ DST ]