Hi All, I'm looking for some guidance on PCI. I've read some of the posts on *Is OFBiz PCI compliant?* and I still have questions on the process to get certified.
http://lists.ofbiz.org/pipermail/users/2006-June/012459.html
http://www.nabble.com/Users---OFBiz-application-security-td3263502.html

What is the process on getting the certification from OFBiz's point of view? Is there a wiki or document to help us in the field secure for a PCI examination? Or a better question could be what are the specific areas to focus on for PCI compliance - i.e. CC#, CVV code, etc.

Obviously, one area of focus is on the installation of OFBiz to ensure that there are no "back doors" with the seed data used to build an OFBiz site. All users on the system need to be accountable and have a purpose on the system without unnecessary rights throughout the site. In addition, use of proper 256-bit SSL certificates for all browser communications.

Any info on this is very much appreciated.

Thanks in advance,
-PH
