I am working on payment module which includes credit card transaction.

I have a domain FOOXYZ.COM (IP: x.x.x.x) which is secured with SSL and I can access it with https://fooxyz.com

Now in fooxyz.com I have a page payment.php https://fooxyz.com/payment.php
In payment.php I am accessing an IFRAME and the source of this iframe is at BARxyz.COM (ip: y.y.y.y)

Means payment.php page at FOOxyz.COM includes
<IFRAME src="http://barxyz.com/bar_payment.php">

Now I want to know is this secure method for online transaction or is it breach of security do I need to secure BARxyz.COM also ???

So that I would use
<IFRAME src="httpS://barxyz.com/bar_payment.php">

Waiting for valuable response, thanx in advance

Well, if it is used in the actual processing I consider it insecure. If it is additional handling and nothing of value is transmitted, note that users will still get a message from the browser that insecure content is being loaded. A lot of users will then abort.

Well, if it is used in the actual processing I consider it insecure. If it is additional handling and nothing of value is transmitted, note that users will still get a message from the browser that insecure content is being loaded. A lot of users will then abort.

Yes I will be doing REAL ONLINE TRANSACTION using iframe. So what is the solution now ?? How can I access an http iframe source in https page so that transation will be seured.

and I didnt get this

If it is additional handling and nothing of value is transmitted

Never mind the last statement.

If you really want to do it using an iframe I'd recommend using SSL on both servers.

Thank you for quick reply.

So are you sure that I need SSL for both the server ??
For that I have to purchase SSL certificate for second seerver also and that will be costly, but if that is the only solution I will buy it. Waiting for your suggestion.

Since you own both servers, is it not possible to move or copy the code to the other machine ?

My desgin is like I have one centralized server and N numbers of servers will be added to it . Number of server attached with centralized box may increase depending upon our requirement.

Currently I have one centralized server and 15 more nodes is added with IFRAME from there .