Your Choice & Cross-Site Scripting

This forum is intended for the discussion and sharing of information on the topic of British born and British-based female performers in hard-core adult films and related matters.
John.h2
Posts: 748
Joined: Fri Jul 14, 2017 2:40 am

Your Choice & Cross-Site Scripting

Post by John.h2 »

If this is deemed to be off topic can it be moved to the off topic forum please.

Having been on the internet for more than 10 years I have never had a virus and only one trojan horse. And for most of that time I have not had any anti-virus programme on my computer. But I do have other safeguards in place to assist me in watching out for unwanted attacks.

I have tried several times to place an order with Your Choice using a credit card and on each occasion I am getting warnings such as

> Sanitised suspicious upload to [https://secure.ogone.com/ncol/prod/orderstandard.asp] from [https://checkout.yourchoice.nl/shop/CC.php]: transformed into a download-only GET request

Is anyone else having similar issues?

Jacco
Posts: 258
Joined: Fri Jul 14, 2017 2:40 am

Re: Your Choice & Cross-Site Scripting

Post by Jacco »

Are you using Firefox with NoScript by any chance?
Ogone is our payment service provider, and if you disable JavaScript it is not going to work. I can show you the actual JavaScript if you want, but changing the POST to GET requests will break it.

Jacco
bill goss
Posts: 189
Joined: Fri Jul 14, 2017 2:40 am

Re: Your Choice & Cross-Site Scripting

Post by bill goss »

Why do you mandate JavaScript?
Jacco
Posts: 258
Joined: Fri Jul 14, 2017 2:40 am

Re: Your Choice & Cross-Site Scripting

Post by Jacco »

bill goss wrote:

> Why do you mandate JavaScript?


Actually, the only thing you need JavaScript for on our site is to see the popups for the box covers. I just made an order with my credit card with JavaScript disabled completely and it works fine; the only difference is that with JavaScript you get a little window which says "Please wait while your request is being processed" and without it you get that text in your main browser window. So we do not mandate it.

I've actually had a similar message to the one John.h2 had some time ago when I tried to make a PayPal donation on some site, and that turned out to be a problem with the NoScript add-on for Firefox, so that's why I asked if he was using that.

Jacco
John.h2
Posts: 748
Joined: Fri Jul 14, 2017 2:40 am

Re: Your Choice & Cross-Site Scripting

Post by John.h2 »

Yes, I am using Firefox with NoScript.
As I trust Your Choice, I have enabled scripts for that website.

I have not enabled Ogone as I have no idea who they are.

But the unanswered question here is: what suspicious upload was transformed into a download-only request?

It sounds to me like personal data is being moved between sites, but if so, how do I know how secure that information becomes in transit?

A browser indicates the security status of the website that you're on (lock symbol) but not of any other website, or of any information that is being attempted to be moved between websites.

I have also taken this up with a question to my credit card supplier, and also requested their Official Advice when presented with this type of warning.
Jacco
Posts: 258
Joined: Fri Jul 14, 2017 2:40 am

Re: Your Choice & Cross-Site Scripting

Post by Jacco »

Ogone is our payment service provider (http://www.ogone.com). They process the credit card payments for us (and have been doing so for years).

The "suspicious upload" is the form for the credit card payment. Both our site and Ogone use https, so the information is secure in transit. You can also click on the "Payment processed by Ogone" button for more info about Ogone.

NoScript does not give this warning when Ogone.com is a trusted site.

Jacco