Follow Slashdot stories on Twitter


Forgot your password?

Submission + - Pandora's purchase page security

Outtascope writes: Getting web security wrong is easy. Getting security wrong when you have 200+ million registered users is scary. Pandora's purchase page uses https to transmit your credit card information to their servers, but serves up the form into which you place that information over plain http. I'll leave it as an exercise for the reader to iterate the ways in which this could lead to profit for those with bad intents.

Pandora technical support asserts that this is perfectly secure and meets the requirements of all the credit card processing regulations. They also state that serving music over https would be too resource intensive — apparently because making the purchase page show in a new tab or a pop-up window would rely upon a technology that hasn't yet been invented.

What's your take? Would you or have you made a purchase with Pandora using their payment page without being able to verify the authenticity of that page?
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Pandora's purchase page security

Comments Filter:

Statistics are no substitute for judgement. -- Henry Clay