Stripe payment plugin HTTPS

  • Posts: 15
  • Thank you received: 0
8 years 11 months ago #224723

-- HikaShop version -- : Starter: 2.6.0
-- Joomla version -- : 5.4.45
-- Browser(s) name and version -- : 41.0.1 firefox
-- Error-message (debug mode must be turned on) -- : no error

Question: with the Stripe payment plugin, does the local website have to have SSL, or is it secure in the plugin to input the credit card number?

  • Posts: 82863
  • Thank you received: 13372
  • MODERATOR
8 years 11 months ago #224756

Hi,

The Stripe payment plugin is secure without HTTPS on your own website. The credit card data is sent directly to Stripe with the Stripe JavaScript library over an HTTPS link from your browser to their servers.

  • Posts: 69
  • Thank you received: 1
7 years 8 months ago #263794

Sorry to answer an old subject, but I've tested the Stripe plugin, and the form to enter the credit card number is not encrypted; it is a full HTML form inside the HikaShop page... So, are you sure that the card number is really secured when the user types it?

Thank you.

  • Posts: 69
  • Thank you received: 1
7 years 8 months ago #263822

After analysis of the webpage, the form action returns the data inside the website, so the data is not sent directly to Stripe:

<form action=" www.mysite.org/index.php?option=com_hika...nent&orderid=117 " method="POST" id="payment-form">

So, if my website is not in HTTPS, some hackers can intercept the data. No?

  • Posts: 26158
  • Thank you received: 4028
  • MODERATOR
7 years 8 months ago #263796

Hi,

The credit card data is sent directly to Stripe with the Stripe JavaScript library over an HTTPS link from your browser to their servers.

If you look at the JavaScript included on the page, you'll see that the submit of the form is caught and the data is sent via a JavaScript AJAX call to Stripe. That's done by the Stripe JavaScript file. The submit of the form is there so that the Stripe library will use it to send to HikaShop the token generated by Stripe during that AJAX call.
If you want more details, please contact Stripe directly.

Note however that since then, you have the Let's Encrypt website, which offers free SSL certificates, and Google now penalizes websites without them in its results. So this question is moot. You should add an SSL certificate on your website. It's free, it helps for SEO, it reassures the users, and secures any data entered by the user on your website, not only the credit card.

Regards,


Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when having some time or couldn't sleep.
By the way, do not send me private message, use the "contact us" form instead.
Last edit: 7 years 8 months ago by nicolas.
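
The flow described in the reply above depends on the card inputs never being part of the form's own POST to the shop. As an added example (not HikaShop's or Stripe's code), this script audits form markup for card fields a browser would submit to the shop and flags a checkout page that is not served over HTTPS; the markup, field names and URLs are constructed, and the `data-stripe` marker on card inputs is an assumption.

```javascript
// Added example: audit which card fields a native form POST would send to the shop.
// Assumption: card inputs are marked with data-stripe attributes.
const CARD_HINT = /card|number|cvc|cvv|exp/i;

// Parse <input ...> tags from the constructed sample markup (a regex is enough
// for these samples; use a real HTML parser on production pages).
function parseInputs(html) {
  const inputs = [];
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    const attrs = {};
    for (const m of tag.matchAll(/([\w-]+)\s*=\s*"([^"]*)"/g)) {
      attrs[m[1].toLowerCase()] = m[2];
    }
    inputs.push(attrs);
  }
  return inputs;
}

// Browsers only include inputs that carry a name attribute in a form submit.
function auditPaymentForm(html, pageUrl) {
  const findings = [];
  for (const input of parseInputs(html)) {
    const isCard = "data-stripe" in input || CARD_HINT.test(input.name || "");
    if (isCard && input.name) {
      findings.push(`card field "${input.name}" has a name and would be POSTed to the shop`);
    }
  }
  if (new URL(pageUrl).protocol !== "https:") {
    findings.push("page is not served over HTTPS, so the form and its submit handler can be altered in transit");
  }
  return findings;
}

// Constructed samples (hypothetical markup, not taken from the plugin).
const tokenOnlyForm = `<form action="/pay" method="POST" id="payment-form">
  <input type="text" data-stripe="number">
  <input type="text" data-stripe="cvc">
  <input type="hidden" name="stripeToken" value="">
</form>`;
const leakyForm = `<form action="/pay" method="POST" id="payment-form">
  <input type="text" name="card_number" data-stripe="number">
</form>`;

console.log(auditPaymentForm(tokenOnlyForm, "https://shop.example/checkout"));
console.log(auditPaymentForm(leakyForm, "http://shop.example/checkout"));
```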

  • Posts: 69
  • Thank you received: 1
7 years 8 months ago #264060

Perfect explanation. I'm reassured.
Thank you for everything; I will upgrade to the Essential version to use this payment plugin perfectly.
