182
« on: June 29, 2012, 12:03:58 PM »
That is quite a reasonable concern.
Another concern that should be considered with ecommerce sites is that floating back and forth from secure to insecure states can increase opportunities to hijack the session.
Its not reasonable to use content sourced from insecure servers or connections in any case. In the end, the associated risks of viral loading, phishing and other code insertion should be sufficient to push the industry into a fully secure mode. I will agree however that a good deal of thought should be applied before changing the application to meet this standard..
David