[FX.php List] [ OFF ] Getting to PCI compliance
gareth.evans at rogers.com
Wed May 18 09:06:31 MDT 2011
The report will tell you what needs to be addressed. From my experience most of the stuff that needs to be done is on the server side of things like patching apache/php, installing firewalls/antivirus, blocking unused ports etc. From an application standpoint the usual security guidelines apply like forcing ssl on login/order entry forms, enforcing strong passwords, filtering data, disabling autocomplete on certain form fields etc. If you're storing card data then there are requirements for how it is stored in your systems and how employees can access that data. There is also an admin portion which requires drafting a security policy if you do not have one already.
The following link will have some general info about it, although if you don't manage the servers there may not be too much for to do depending on how you've written the app.
On 2011-05-18, at 9:52 AM, Bob Patin wrote:
> One of my clients has received a PCI compliance letter, and now I'm being asked to pull their cart into compliance.
> From what little I've read about it so far, it appears that I need to block the submission of certain characters -- the < , > , and some other symbols -- but is there more than that to be done to get to compliance?
> From what I can tell from the report they received, the client's web server needs a PHP update, but that's not my department... if anyone's already trod down this road, I'd appreciate any wisdom.
> Bob Patin
> Longterm Solutions
> bob at longtermsolutions.com
> iChat: bobpatin
> FileMaker 9, 10 & 11 Certified Developer
> Member of FileMaker Business Alliance and FileMaker TechNet
> Expert FileMaker Consulting
> FileMaker Hosting for all versions of FileMaker
> PHP • Full email services • Free DNS hosting • Colocation • Consulting:
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the FX.php_List