X-Cart and PCI DSS / PA-DSS compliance
#61
Re: X-Cart and PCI-DSS / PA-DSS compliance
Quote:
If so, I believe you will need X-Payments. X-Cart won't be certified as a PA-DSS verified application. As far as I know it will be prohibited to use solutions that are not certified. For now I can't say how much work it will take to make an X-Cart 4.1 store integrated with X-Payments. We haven't tried it yet.
Quote:
There is an idea that we may implement in future X-Payments versions.
Quote:
Since X-Payments will be isolated from X-Cart and other web applications installed on your server, hackers won't be able to hack X-Payments via a bug in other applications. Also, PCI DSS ensures that the payment application creates logs and that the logs contain all the information needed to catch a hacker.
#62
Re: X-Cart and PCI-DSS / PA-DSS compliance
Quote:
Quote:
If this kind of stuff is going to make it into your PA-DSS required implementation guide you are going to put yourselves at a significant disadvantage in the market place. Forcing merchants onto multiple dedicated servers/VPS, X-Cart on one and X-Payments on another, will send your old and new customers to competitive shopping carts that have done the job right and don't impose silly "PCI requirements" that don't exist.
__________________
Manuka Bay Company X-Cart Version 4.0.19 [Linux] UGG Boots and other fine sheepskin products http://www.snowriver.com
#63
Re: X-Cart and PCI-DSS / PA-DSS compliance
I smell language barrier here...
A couple of years ago, X-Cart put all kinds of PayPal code in place that was one person's interpretation of the contract -- but the reality was that none of the "requirements" were in the contract. X-Cart's engineer just misread it/interpreted it incorrectly. Sounds too familiar. I'm with Ralph on this...
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
#64
Re: X-Cart and PCI-DSS / PA-DSS compliance
@geckoday
I should point out that using suPHP is a deprecated security method (and also very slow and very buggy). It was mainly a workaround because Apache's suExec at the time didn't work correctly with PHP in FastCGI mode. This is no longer true (we've been running FastCGI + SuExec for years).
#65
Re: X-Cart and PCI-DSS / PA-DSS compliance
Quote:
__________________
Manuka Bay Company X-Cart Version 4.0.19 [Linux] UGG Boots and other fine sheepskin products http://www.snowriver.com
#66
Re: X-Cart and PCI-DSS / PA-DSS compliance
Quote:
__________________
Manuka Bay Company X-Cart Version 4.0.19 [Linux] UGG Boots and other fine sheepskin products http://www.snowriver.com
#67
Re: X-Cart and PCI-DSS / PA-DSS compliance
Quote:
Actually suPHP has no real advantages over SuExec + FastCGI. The configuration is still extremely basic (also everything that can be done in suPHP's configuration can be done in the FastCGI+SuExec method). There's also the fact that it's not mpm-worker friendly (at least the last time I tried it, it constantly cored and mpm-prefork is not SMP friendly). Besides, with the fact that Apache took over the mod_fcgid project and is integrating it into Apache 2.3, the FastCGI support is far better than it was years ago.
#68
Re: X-Cart and PCI-DSS / PA-DSS compliance
Quote:
__________________
Manuka Bay Company X-Cart Version 4.0.19 [Linux] UGG Boots and other fine sheepskin products http://www.snowriver.com
#69
Re: X-Cart and PCI-DSS / PA-DSS compliance
Quote:
Yeah, I think we'll pretty much end it there to avoid detracting from the thread. I do agree with you on that bad information concerning shared hosts. Unless it was a really cheap, poorly run shared host, there's nothing saying you can't practice eCommerce on it and be compliant.
#70
Re: X-Cart and PCI-DSS / PA-DSS compliance
Quote:
Then why not just make X-Cart PCI-DSS instead of developing a new application to handle this? Originally I was under the impression XPayments would be an integrated part of the xcart store, not almost like a payment gateway.
__________________
Steve Stoyanov CFLSystems.com Web Development
X-Cart forums © 2001-2020