This has gone off-topic, so I won't belabor my point, but the PCI principles clearly show it's more geared towards the server-side, as the browser itself never had to be "PCI compliant" or any such rubbish. And no GWT interface tool can ensure PCI compliance either. A server that has gone through the compliance analysis is key, so if that part is taken over with the GWT interface, then I surely understand that.
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized: *Build and Maintain a Secure Network* *Requirement 1:* Install and maintain a firewall configuration to protect cardholder data *Requirement 2:* Do not use vendor-supplied defaults for system passwords and other security parameters *Protect Cardholder Data* *Requirement 3:* Protect stored cardholder data *Requirement 4:* Encrypt transmission of cardholder data across open, public networks *Maintain a Vulnerability Management Program* *Requirement 5:* Use and regularly update anti-virus software *Requirement 6:* Develop and maintain secure systems and applications *Implement Strong Access Control Measures* *Requirement 7:* Restrict access to cardholder data by business need-to-know *Requirement 8:* Assign a unique ID to each person with computer access *Requirement 9:* Restrict physical access to cardholder data *Regularly Monitor and Test Networks* *Requirement 10:* Track and monitor all access to network resources and cardholder data *Requirement 11:* Regularly test security systems and processes *Maintain an Information Security Policy* *Requirement 12:* Maintain a policy that addresses information security -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=.
