Become a fan of Slashdot on Facebook


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


+ - Pandora's purchase page security

Submitted by Outtascope
Outtascope (972222) writes "Getting web security wrong is easy. Getting security wrong when you have 200+ million registered users is scary. Pandora's purchase page uses https to transmit your credit card information to their servers, but serves up the form into which you place that information over plain http. I'll leave it as an exercise for the reader to iterate the ways in which this could lead to profit for those with bad intents.

Pandora technical support asserts that this is perfectly secure and meets the requirements of all the credit card processing regulations. They also state that serving music over https would be too resource intensive — apparently because making the purchase page show in a new tab or a pop-up window would rely upon a technology that hasn't yet been invented.

What's your take? Would you or have you made a purchase with Pandora using their payment page without being able to verify the authenticity of that page?"
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Pandora's purchase page security

Comments Filter:

In a consumer society there are inevitably two kinds of slaves: the prisoners of addiction and the prisoners of envy.