[FX.php List] How to get PCI compliance on a web app

Dale Bengston dale.bengston at gmail.com
Mon Jun 20 20:51:50 MDT 2011


Bob,

Not an impossible list. Good news!

Dale

On Jun 17, 2011, at 6:00 PM, Bob Patin wrote:

> Now that I've been through the process, it turns out that it was fairly simple to get to PCI compliance:
> 
> 1. I had to get IT to upgrade PHP to at least 5.2.3 (I believe that's the right version);
> 2. I had to get IT to turn off SSLv2 capability on the web server (not sure how it's done, they're working on that now);
> 3. I had to wrap all my $_POSTs with htmlspecialchars();
> 4. Their website programmer had put a phpinfo() page on the site at some point, and that needed to be removed; it's a bad thing to leave on any web server anyway because it gives all sorts of info that hackers would love to have.
> 
> That last one was all that I had to do to my web app to get it to pass muster; I don't use $_GETs anywhere except for letting users view a product detail page, so that may have been why it was an easy fix to make.
> 
> Much easier than I would have guessed... hope this helps someone along the way sometime.
> 
> Best,
> 
> Bob Patin
> Longterm Solutions
> bob at longtermsolutions.com
> 615-333-6858
> http://www.longtermsolutions.com
> iChat: bobpatin
> FileMaker 9, 10 & 11 Certified Developer
> Member of FileMaker Business Alliance and FileMaker TechNet
> --
> Expert FileMaker Consulting 
> FileMaker Hosting for all versions of FileMaker
> PHP • Full email services • Free DNS hosting • Colocation • Consulting:
> 
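
An added example, not part of either message and not the poster's code: item 3 of the quoted list, written as escaping at the point of output with an explicit quote flag and charset. The helper names h() and post_string() and the sample form fields are assumptions made for illustration.

```php
<?php
// Added example: escape request data where it is echoed into HTML.
// Helper names and the sample payload are constructed for illustration.

/** Escape a value for HTML element content or a quoted attribute value. */
function h($value)
{
    // ENT_QUOTES escapes both ' and ". The charset is passed explicitly
    // because the PHP default for this argument changed across versions.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/** Fetch a POST field as a string, rejecting arrays (e.g. name[]=x). */
function post_string($key, $default = '')
{
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return $default;
    }
    return $_POST[$key];
}

// Constructed sample input standing in for a submitted form.
$_POST = array(
    'customer' => '"><script>alert(1)</script>',
    'note'     => "O'Brien & Sons <b>rush</b>",
);

$customer = post_string('customer');
$note     = post_string('note');
?>
<form method="post">
  <!-- Attribute context: the value must be quoted for h() to be sufficient. -->
  <input type="text" name="customer" value="<?php echo h($customer); ?>">
  <!-- Element content context. -->
  <p>Note: <?php echo h($note); ?></p>
</form>
```

htmlspecialchars() covers HTML element content and quoted attribute values; values written into JavaScript, URLs or unquoted attributes need encoding for that context instead.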
