On Sun, Mar 6, 2011 at 12:41 AM, Paul Saenz <forensicneoph...@gmail.com> wrote:

> I have seen what the nomenclature for PCI DSS is and what they stand for.
> I just didn't pay much attention to it, and so I called DDS.... So
> shoot me! I never said anything about wanting a free open source PCI
> DSS compliant shopping cart, nor did I say I wanted to produce a free
> open source PCI DSS compliant shopping cart. I simply asked if anyone
> had good information in the form of tutorials on how to program one in
> PHP. If you are so concerned about me getting the acronym correct,
> then why shouldn't you at least try to find out what the thread is
> really about before you answer?
>

Regardless of what you do or do not know about PCI DDS, if you are asking
for tutorials on writing and configuring a shopping cart that needs to be
PCI DDS compliant then you aren't ready to be writing your own.  Start with
writing and understanding the basics of a shopping cart, which there are
plenty of tutorials on.  Then read the docs and understand what you need to
do to be compliant, and research the things you don't understand.

I really don't think anyone is intentionally trying to be critical, but you
are asking for help on something that is a little more advanced and it
doesn't seem like you are ready for it.  Reading the documents and
independent research should give you what you need to do the job.  It
doesn't mean you understand every single thing, but reading and experience
should be enough for you to make the changes to the infrastructure, and the
application to be compliant. I have never had to deal with PCI DDS, but
based off my experience with SOX and speaking with those involved with PCI
it might be too much work for one person starting from scratch to get done
in a decent amount of time.  Especially if it isn't your full time job.

With that said, it seems like there have been a decent number of topics
lately that are either way beyond what should be handled on a mailing list,
or something that could be easily solved by doing a search.  In my
experience that usually leads to people jumping on the RTFM responses and
making people feel like they can't ask questions.  I don't think anyone
wants that to happen to this list so it might be good to spend the extra
time searching before emailing.

I would recommend just paying the money for an existing solution.  It comes
down to how much your time is worth, and if learning what you will learn is
really worth it.  If it is going to take you months to write this, and you
won't benefit much from what you learn then it's not worth the money you are
saving by writing it yourself.


> On Sat, Mar 5, 2011 at 10:36 PM, Dante Lanznaster <dant...@gmail.com>
> wrote:
> > On Sat, Mar 5, 2011 at 8:37 PM, Paul Saenz <forensicneoph...@gmail.com>
> > wrote:
> >>
> >> Yes, I am aware of all those requirements.  Because of the way it is
> >> set up, AWS provides compliance for many of those factors, and they
> >> have several AMIs that meet the requirements of PCI DDS compliance in
> >> their respective factors. Of course SSL gateways and no remote access
> >> are some of the things that the administrator will have to implement.
> >> As I have been looking over the requirements of PCI DDS compliance, I
> >> just thought I'd ask the group if anyone has good information or
> >> documentation about how to program a shopping cart that will be
> >> compliant in PHP. So letting alone all the other factors that apply,
> >> I'm just asking about that which applies to php.
> >>
> >> I know of a company that provides a PHP shopping cart that is PCI DDS
> >> compliant for $500+ depending on how many items are being sold, and
> >> they give a training course on how to deploy and configure it for
> >> $2500. If I go that route, then I am free to sell that shopping cart
> >> to anyone I desire. Nevertheless, it seems to me that it may be worth
> >> my while to learn how to program and configure one myself.
> >>
> > You might want to start by knowing what the nomenclature stands for. You
> > keep repeating the PCI DDS acronym without knowing what it means.
> >
> > PCI - Payment Card Industry
> > DSS - Data Security Standards
> >
> > There is no DDS in this, the same way that there's no HIPPA.
> >
> > On another note, there's a reason why there's no free open source PHP
> > shopping cart. When you get to develop one that's PCI-DSS compliant,
> > you'll know what I mean.
> >
> > If you really want to get into this, the PCI-DSS standards are well
> > described on the official website, https://www.pcisecuritystandards.org
> > and it's no generic information.
> >
> > Once you get familiar with the requirements, (please download the PDFs)
> > and develop a fully compliant free open source PHP shopping cart, please
> > do post here and we'll be glad to spread the word.
> >
> > --
> > Dante
> >
> > _______________________________________________
> > LinuxUsers mailing list
> > LinuxUsers@socallinux.org
> > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers