  #8  
05-01-2012, 08:10 AM
cflsystems
Re: Does X-Payments have to live on a separate server?

Securing the server - physically and online - is an ongoing process; it never stops, and there is always a risk of someone breaking in. You cannot prevent this no matter what you do, and the PCI-DSS is not there to stop hacking but to make it more difficult and close to impossible, at least that is my understanding.

My point was that if, for example, you install X-Payments on shared hosting and someone else hosts, say, a WP site there, and that WP site is hacked to the point where the hacker gets access to the server, it is possible they get access to your X-Payments install and db as well. You did everything required to prevent this, and you did scans, and you got your cert... but the other guy is not responsible for keeping your site out of trouble; they just host an informational WP site and don't care much about security... Your bank will hold you responsible... Of course the host has to make sure the server is PCI compliant, but that doesn't mean it cannot be hacked because one of the sites on it is vulnerable.
__________________
Steve Stoyanov
CFLSystems.com
Web Development