Menu
I have a generic question which I am trying to get a bit of information on.
I have a server and on this server I have a webform which submits to an API.
A third party company has a server and they need to host my form. As such, they IFrame my form into their page.
Is there any possible way for the third party company to obtain the data entered into the form contained within the iframe? Will their Apache logs record the data? Can they do something on their server which can help them get data?
My server is secure, it wont allow CORS or anything of this sort. The question is whether they can do anything their side to obtain the inputted data?
556
No then can't access the content of the iframe because it's not in their domain.
Yes they can trick the user to steal the input : display something that looks like your iframe but is controlled by them, or use Clickjacking.
And, if they use http, even if your iframe use https, an attacker can do that too and steal their data.
90
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
