Thread: Install Xpayments on development site?
View Single Post
  #15  
Old 06-19-2012, 08:13 PM
  gb2world's Avatar 
gb2world gb2world is offline
 

X-Wizard
   
Join Date: May 2006
Location: Austin, TX
Posts: 1,970
 
Default Re: Install Xpayments on development site?
Thanks, Ambal -

The recommendations are a bit confusing. Below are the three statements from QT I have found to try and understand what is an installation requirement to adhere to based on your QSA review and PA-DSS approval, as well as what are recommendations by QT. Would it be possible for QT to make a clear statement in the installation instructions or at least in the FAQ?:

Now in the FAQ:
Quote:
Can X-Payments be installed on server where my shopping cart software is hosted or do I need a separate web-server?

Both options are allowed. X-Payments can be set up either together with your shopping cart software or on a separate server (X-Payments uses SSL connection to exchange data with your store).
Can X-Payments be installed on a shared hosting?

Yes, provided that a separate account is used for hosting X-Payments. No other software must be installed and run under this account.

In the forum, by Sergey Fomin in April
Quote:
The X-Payments application and its payment page can be hosted:

- on a separate server (PCI-DSS compatible hosting) =OR=
- on the same web-server as your X-Cart store (but it must be under a separate hosting account on a PCI-DSS compatible hosting).
And your latest:
Quote:
Separate VIRTUAL server/jail environment on a server is minimal requirement.

If I combine all those, I take it to mean:
- X-Payments may be installed on a dedicated server in the same directory structure as an X-cart instance
- QT does not recommend installing X-Payments on a shared hosting server
- On a VPS where an X-Cart instance is installed, X-Payments may be installed under a separate hosting account on the same VPS. A unique VPS only for X-Payments is not required in this instance.
- If a host is willing to create X-Payments specific hosting - a VPS or dedicated server could be dedicated to accounts each running an X-Payments instance, and no other software. A unique VPS only for X-Payments is not required in this instance.

If it were possible to put a clear direction in an official place like the Installation Instructions and README in the distribution, or a semi official place like the FAQ - it would help a lot to clear up confusion.

Of course, you could add the disclaimer about checking with one's own QSA. It would be helpful to know the recommendations of your own QSA, or the installation conditions under which you were granted approval.

---
__________________
X-CART (4.1.9,12/4.2.2-3/4.3.1-2/4.4.1-5)-Gold
(CDSEO, Altered-Cart On Sale, BCSE Preorder Backorder, QuickOrder, X-Payments, BCSE DPM Module)
Reply With Quote