Paul Saenz <forensicneoph...@gmail.com> wrote:

I have seen the nomenclature for PCI DSS and what it stands for. I just
didn't pay much attention to it, and so I called it DDS.... So shoot me! I never
said anything about wanting a free open source PCI DSS compliant shopping cart,
nor did I say I wanted to produce a free open source PCI DSS compliant shopping
cart. I simply asked if anyone had good information in the form of tutorials on
how to program one in PHP. If you are so concerned about me getting the acronym
correct, then why shouldn't you at least try to find out what the thread is
really about before you answer?

On Sat, Mar 5, 2011 at 10:36 PM, Dante Lanznaster <dant...@gmail.com> wrote:
> On Sat, Mar 5, 2011 at 8:37 PM, Paul Saenz <forensicneoph...@gmail.com> wrote:
>>
>> Yes, I am aware of all those requirements. Because of the way it is set up,
>> AWS provides compliance for many of those factors, and they have several AMIs
>> that meet the requirements of PCI DDS compliance in their respective factors.
>> Of course SSL gateways and no remote access are some of the things that the
>> administrator will have to implement. As I have been looking over the
>> requirements of PCI DDS compliance, I just thought I'd ask the group if
>> anyone has good information or documentation about how to program a shopping
>> cart that will be compliant in PHP. So leaving aside all the other factors
>> that apply, I'm just asking about that which applies to PHP.
>>
>> I know of a company that provides a PHP shopping cart that is PCI DDS
>> compliant for $500+ depending on how many items are being sold, and they give
>> a training course on how to deploy and configure it for $2500. If I go that
>> route, then I am free to sell that shopping cart to anyone I desire.
>> Nevertheless, it seems to me that it may be worth my while to learn how to
>> program and configure one myself.
>>
> You might want to start by knowing what the nomenclature stands for. You keep
> repeating the PCI DDS acronym without knowing what it means.
>
> PCI - Payment Card Industry
> DSS - Data Security Standards
>
> There is no DDS in this, the same way that there's no HIPPA.
>
> On another note, there's a reason why there's no free open source PHP shopping
> cart. When you get to develop one that's PCI-DSS compliant, you'll know what I
> mean.
>
> If you really want to get into this, the PCI-DSS standards are well described
> on the official website, https://www.pcisecuritystandards.org and it's no
> generic information.
>
> Once you get familiar with the requirements (please download the PDFs) and
> develop a fully compliant free open source PHP shopping cart, please do post
> here and we'll be glad to spread the word.
>
> --
> Dante
>
> _______________________________________________
> LinuxUsers mailing list
> LinuxUsers@socallinux.org
> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
The two standards are vastly different. It's a very critical distinction. Dante
was right to call you out. You do realize non-compliance could cost you and
your users a lot of money, right? Potentially even federal prison time or a
consent decree for you as the author of the software. This is an advanced topic
that takes hundreds of ongoing hours to master. It really is something you want
to have people helping you with on a paid basis at an expert level.

As for programming one, you don't really have anything special to do beyond solid
programming practices: HTTPS everywhere, encrypted database records, input
validation, etc. The key thing is getting certified as PCI compliant. This
requires ongoing audits and certifications. Every single git push now has a
cost associated with it for revalidation.

Yes, I've done way too much compliance work (multiple global ecommerce houses and
an extremely well-known processor). Hire me if you want PCI magic.
--
charles n wyble
Systems craftsman to the stars
Xmpp/sip/smtp char...@knownelement.com
Office: 310 929 8793
Cell: 626 539 4344