Please create an account to participate in the Slashdot moderation system


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Pandora's purchase page security

Outtascope writes: Getting web security wrong is easy. Getting security wrong when you have 200+ million registered users is scary. Pandora's purchase page uses https to transmit your credit card information to their servers, but serves up the form into which you place that information over plain http. I'll leave it as an exercise for the reader to iterate the ways in which this could lead to profit for those with bad intents.

Pandora technical support asserts that this is perfectly secure and meets the requirements of all the credit card processing regulations. They also state that serving music over https would be too resource intensive — apparently because making the purchase page show in a new tab or a pop-up window would rely upon a technology that hasn't yet been invented.

What's your take? Would you or have you made a purchase with Pandora using their payment page without being able to verify the authenticity of that page?
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Pandora's purchase page security

Comments Filter:

"The Avis WIZARD decides if you get to drive a car. Your head won't touch the pillow of a Sheraton unless their computer says it's okay." -- Arthur Miller