Sign in to follow this  
qnh

Unencrypted Shopping Cart

Recommended Posts

I was about to purchase the B1900 and checked the security on the page. It would appear that my credit card details would be transmitted in the clear rather than being encrypted. What's happening here?ScottYBTL

Share this post


Link to post
Share on other sites
Help AVSIM continue to serve you!
Please donate today!

Scott,Head on over to PMDG's site, click on the "sales" tab. Scroll down until you find the red paragraph, it contains the answer to your question.In short, it is encrypted.Cheers,Roger

Share this post


Link to post
Share on other sites

The reason it appears to be unencrypted is due to the fact that the shopping cart system is contained within a frameset that is not encrypted. The shopping cart pages themselves ARE encrypted though.When in doubt, right-click the page where you enter your CC information, and choose "properties." You can then see the details about the page's encryption where it says "Connection:". As Scott points out, this is noted on the PMDG Sales page, just before you click to the page where you choose the product you wish to buy.

Share this post


Link to post
Share on other sites

I have checked the properties and come up with the message in the attached file.Not overly reassuringScottYBTL

Share this post


Link to post
Share on other sites

rightclick inside the frame, then propertiesYou should see this message (this is dutch :()SSL 3.0, RC4 met 128-bits codering (Hoog); RSA met 1024-bits overdracht

Share this post


Link to post
Share on other sites

Scott,Make sure you are at the "order checkout" page. Click near the entry fields. It should read something like this: SSL 3.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange .Cheers,Roger

Share this post


Link to post
Share on other sites

I clicked in the card number field and got the same properties. ScottYBTL

Share this post


Link to post
Share on other sites

Must be a netscape thing ... it probably always gives the properties for the outer frame.To open the shopping cart system in it's own window, and not in a frame, click the "Buy Now" link on the 1900 page while holding the shift key. (At least that's how you do it in IE, not sure how in Netscape. You might have to right click the "Buy Now" button then choose "open in new window" or something similar.) Then you will be proceeding through the checkout process in a separate window, which will not be framed. Once you get to the credit card entry page, you won't even be on the PMDG site anymore, since their secure checkout form is hosted by "secure.dalmoworks.net", probably a third-party secure transaction provider.

Share this post


Link to post
Share on other sites

One wonders why PMDG can't do purchasing the same way as most other sites?ScottYBTL

Share this post


Link to post
Share on other sites

I dunno, it's actually pretty common to use a third-party secure transactions provider, which are a dime-a-dozen these days. Even some of the largest companies use that method ... one less thing to have to maintain internally.

Share this post


Link to post
Share on other sites

Generally if you look at your URL, you will see.Http:// = unsecureHttps:// = secure cocket layer.Notice the S in https://If you have a padlock icon on your status bar it will be locked when using a secure socket layer. If you do online banking you will notice the same thing.I will not enter credit card numbers or other personal info unless the connection is thru a secure socket layer which is incripted.Regards

Share this post


Link to post
Share on other sites

The URL is http, no s. It's a shame really I was looking forward to the B1900.ScottYBTL

Share this post


Link to post
Share on other sites

You don't go on to the secure server until you click the "Proceed To Checkout" button. The product selection and shopping basket screens are not secure (they don't need to be as no data needs to be transmitted from these screens) but the payment details screen is, as shown below. This payment screen is contained in a PMDG frame, however, which is why the padlock icon won't appear in your browser.http://forums.avsim.net/user_files/61850.jpgRegards,Tom Williams

Share this post


Link to post
Share on other sites

Tom,WinXp may be different?If you notice your attachment says: SSL 3.0, this tells me it is indeed using a secure socket layer, SSL=Secure Socket Layer.RC4 is the encryption algorithm used, 1024 bit.I would have no problems whatsoever downloading from PMDG's site!!To be honest I never noticed one way or the other when I DLoaded 737NG, broke my own rules, ha!PMDG is a fine company, as is Avsim, that you can take to the bank.Regards

Share this post


Link to post
Share on other sites

Scott, the URL certainly is https ... you aren't looking at the right one. If you follow my instructions for opening the shopping cart in a new window, you will see it. The URL for the page where you enter your CC number is:https://secure.dalmoworks.net/PDM1/ordercheckout.aspI'd hate to see you miss out on this fantastic plane because of a minor misconception such as this.

Share this post


Link to post
Share on other sites

Hey Scott, Bought my 1900D on Visa. Went straight off and got my sideline 'Croc Air' going. (no livery yet, just painted out Impulse) Loaded her with 19 PAX and off to Gove (YPGV) out of Darwin (YPDN). Put her down like a charm and the PAX were happy. Off they got and while me 'china' and I were cleaning the 1900 up, out comes a croc and bites 18inches off of one of the starboard propeller blades. 'Crikey', I sez, 'call the PAX back'. You have never seen a 1900 loaded like this. And no toilet (note Robert Randazzo). Not too much of a start checklist here (well that's what PMDG Express is about) and the fans were turning in no time. Off we went. A bit of a vibration on the right side, but the PAX were happy. Commuter Airlines - all fun.I am thinking of a new venture. Need a 737 900, how long do you think I will need to wait??Ohh, my company has not gone bust, well yet, due to the use of Visa. Keep you posted.RegardsJockYMML

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this