Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum

Get help for TinyWebGallery, the best image gallery. The forum is also home for the Joomla JFUploader, TWG Flash Uploader and the Wordpress flash uploader.
It is currently 28. Mar 2024, 14:13

This forum is readonly now. Please use the new forum if you don't find the answer to your question here. The new forum is at https://www.tinywebgallery.com/blog/forum/


All times are UTC + 1 hour [ DST ]




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: 26. Nov 2016, 09:24 
Offline

Joined: 26. Nov 2016, 09:09
Posts: 1
I'm a brand new user trying out Advanced iframe for the first time. So far, I love it! Absolutely no problem embedding two different sites, all are https, with different domains on both ends. The documentation is superb. I plan to upgrade to the Pro version.

But one question: One of the embedded sites contains "Protected Health Information (PHI)", and the other embedded site is for online bill payment. As compared to a user going directly to those sites rather than visiting them as embedded sites, is there any increased security risk? Because all the data transmissions should be encrypted with https on both ends, and nothing will be stored on my site, I'm assuming (and hoping) that the answer is that there is no increased security risk by having them embedded. Is that correct? (As you may know, in the U.S., the "HIPAA" rule imposes enormous penalties if there is any security breach involving PHI.)

Thank you!


Top
 Profile  
 
PostPosted: 27. Nov 2016, 23:22 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 11232
If you are on different domains the parent does not know what is in the iframe.

iframes are seen as a security risk as you e.g can include hidden iframes to the pages that does something.
But this always means that the site has been hacked already!

So if PHI is secure I don't see any problem if it is included somewhere.

I only see problems if you mix http and https like described here:
http://www.tinywebgallery.com/blog/iframe-do-not-mix-http-and-https

But if both sites are https you see with the features I can offer that you are quite limited already!

Best, Michael


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour [ DST ]


Who is online

Users browsing this forum: No registered users and 17 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron
powered by phpbb | Datenschutz/ Privacy policy