Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum

I'm a brand new user trying out Advanced iframe for the first time. So far, I love it! Absolutely no problem embedding two different sites, all are https, with different domains on both ends. The documentation is superb. I plan to upgrade to the Pro version.

But one question: One of the embedded sites contains "Protected Health Information (PHI)", and the other embedded site is for online bill payment. As compared to a user going directly to those sites rather than visiting them as embedded sites, is there any increased security risk? Because all the data transmissions should be encrypted with https on both ends, and nothing will be stored on my site, I'm assuming (and hoping) that the answer is that there is no increased security risk by having them embedded. Is that correct? (As you may know, in the U.S., the "HIPAA" rule imposes enormous penalties if there is any security breach involving PHI.)

Thank you!

If you are on different domains the parent does not know what is in the iframe.

iframes are seen as a security risk as you e.g can include hidden iframes to the pages that does something.
But this always means that the site has been hacked already!

So if PHI is secure I don't see any problem if it is included somewhere.

I only see problems if you mix http and https like described here:
http://www.tinywebgallery.com/blog/iframe-do-not-mix-http-and-https

But if both sites are https you see with the features I can offer that you are quite limited already!

Best, Michael