PDA

View Full Version : general question on <iframe>'s ...



Rustydogg
24 Mar 2011, 06:01 PM
hi Folks;
new to this group, hope I'm posting in the right place...

Although I've done site design for several years, I've never used the IFRAME tag, and I'm not sure of its security implications.

I'm working on a site for a client, who is working with sales affiliates to share revenue from sales, that obviously are tracked by the client's shopping cart process.

One of the affiliates wants us to place an <iframe> code on our sales & thankyou pages, something like one of these two examples:



<iframe src="http://website1.com/p/aff/sale/?amount=XXXX" width="1" height="1" ></iframe>

......

<iframe src="http://website1.com/p/aff/sale/?orderid=XXXX&amount=XXXX" width="1" height="1" ></iframe>


Can anyone tell me if this is a possible security breach of our website or server? I think the affiliate wants to track completed sales with some kind of cookie system generated on his own site ....

Thanks for any feedback ...

Rusty

Wickham
25 Mar 2011, 01:51 AM
I'm guessing, so I may be corrected.

When a web page is shown in an iframe it's downloaded from the affiliate's domain server, so the only statistics that would be available from the iframe would be the statistics on the affiliate's server. The affiliate's web pages could incorporate a cookie which would tell him how many downloads were from each of your client's pages in the iframe.