views:

215

answers:

2

I've been reading through a number of questions on this site regarding NSURLConnection and https, but most relate to "untrusted" certificates and how to allow them nonetheless. My question is a little more basic. I am building an app for a client who handle online donations, and I would like to load their donation script using an NSLURLRequest and POST the values of credit card details (entered in the app). Does NSURLConnection (when connecting to a https url) ensure the encryption of those details as they are sent to the donation script on my clients server? Sorry if this is a basic question, I just couldn't find a place in the apple docs that guaranteed this.

+2  A: 

Requiring trusted certificates prevents impersonation and man-in-the-middle attacks. The encryption will be as secure as the server requires.

Matthew Flaschen
A: 

Yes, if you are using HTTPS authentication all communication to the server is encrypted.

Try to be sure the server side is not storing the credit card information ANYWHERE, even temp directories. It is far, far more likely the server will be hacked and credit cards taken that way than anyone would intercept iPhone traffic.

Kendall Helmstetter Gelner
Thanks for that, the server side is very secure and no credit card details are stored. Does it make a difference whether I use GET or POST? I was planning on using POST.
drunken_elf
And just to understand correctly, does NSURLRequest first contact the server to check its certificate before sending any variables/parameters to it?
drunken_elf