[FX.php List] How to get PCI compliance on a web app

Bob Patin bob at patin.com
Fri Jun 17 17:00:26 MDT 2011


Now that I've been through the process, it turns out that it was fairly simple to get to PCI compliance:

1. I had to get IT to upgrade PHP to at least 5.2.3 (I believe that's the right version);
2. I had to get IT to turn off SSLv2 capability on the web server (not sure how it's done, they're working on that now);
3. I had to wrap all my $_POSTs with htmlspecialchars();
4. Their website programmer had put a phpinfo() page on the site at some point, and that needed to be removed; it's a bad thing to leave on any web server anyway because it gives all sorts of info that hackers would love to have.

That last one was all that I had to do to my web app to get it to pass muster; I don't use $_GETs anywhere except for letting users view a product detail page, so that may have been why it was an easy fix to make.

Much easier than I would have guessed... hope this helps someone along the way sometime.

Best,

Bob Patin
Longterm Solutions
bob at longtermsolutions.com
615-333-6858
http://www.longtermsolutions.com
iChat: bobpatin
FileMaker 9, 10 & 11 Certified Developer
Member of FileMaker Business Alliance and FileMaker TechNet
--
Expert FileMaker Consulting 
FileMaker Hosting for all versions of FileMaker
PHP • Full email services • Free DNS hosting • Colocation • Consulting:
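
Step 3 of the message above, as an added example that is not code from the original post: POST values are encoded with htmlspecialchars() at the point they are written back into HTML. The helper names h() and h_post() and the sample field names are hypothetical; ENT_QUOTES and 'UTF-8' are passed explicitly because the default flags before PHP 8.1 leave single quotes unencoded.

```php
<?php
// Added example; h(), h_post() and the field names below are hypothetical.

// Encode one value for HTML text or a quoted attribute value.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Fetch a POST field encoded for HTML output.
// Array fields (name="qty[]") are encoded element by element, keys included.
function h_post(array $post, $key, $default = '')
{
    if (!isset($post[$key])) {
        return h($default);
    }
    $value = $post[$key];
    if (!is_array($value)) {
        return h($value);
    }
    $out = array();
    foreach ($value as $k => $v) {
        $out[h($k)] = is_array($v) ? h_post($value, $k) : h($v);
    }
    return $out;
}

// Constructed sample standing in for $_POST on a form re-display.
$post = array(
    'company' => "O'Brien & Sons <Nashville>",
    'notes'   => 'He said "rush order"',   // double quotes would close value="..."
    'qty'     => array('1', '<2>'),
);

// Encode at output time, once, in the HTML context where the value lands.
echo '<input type="text" name="company" value="' . h_post($post, 'company') . "\">\n";
echo '<input type="text" name="notes" value="' . h_post($post, 'notes') . "\">\n";
echo '<p>Quantities: ' . implode(', ', h_post($post, 'qty')) . "</p>\n";
echo '<p>Missing field: ' . h_post($post, 'phone', '(none)') . "</p>\n";
```

This encoding covers HTML text and quoted attribute values only; values written into JavaScript, URLs or SQL need the encoding or parameter binding for that context instead.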
