
xpayments on separate server
 
  #1  
Old 04-29-2012, 03:26 AM
a1deano
 


Hi all, I've been in talks with Handson hosting, who have really been a massive help. They brought to my attention -

Can X-Payments be installed on a shared hosting?

Yes, provided that a separate account is used for hosting X-Payments. No other software must be installed and run under this account.

Whilst I understand this, I am running a test using v4.5.0 with xpayments installed in root along with xcart, and all is running smoothly. I have done a PCI scan this morning and all passed.
So surely this would satisfy my merchant bank that my site has a PCI certificate...

Otherwise this means having a second package just to run xpayments on, and all this adds up and is hard for a small site like us to pay out on....

Would I be breaking any laws?? Even though my scan says I am compliant?
If I have to purchase a second server then I have to. I know I can use the form method then don't have to be PCI compliant, but I wish to take the next step up and keep people on my site when paying... any advice on this please... thanks
__________________
--------------
V4.6.1
xcartmods - Reboot Template

X-cart - X-PDF

Altered Cart - Checkout one
  #2  
Old 04-29-2012, 03:53 AM
totaltec
 


If you read the specifications for PCI compliance and interpret them literally, it does appear that you need a separate server.

> 2.2.1 Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server.
> (For example, web servers, database servers, and DNS should be implemented on separate servers.)
> Note: Where virtualization technologies are in use, implement only one primary function per virtual system component.

Though for some reason, several members of this forum disagree with this standpoint.
__________________
Mike White - Now Accepting new clients and projects! Work with the best, get a US based development team for just $125 an hour. Call 1-502-773-6454, email mike at babymonkeystudios.com, or skype b8bym0nkey

XcartGuru
X-cart Tutorials | X-cart 5 Tutorials

Check out the responsive template for X-cart.
  #3  
Old 04-29-2012, 04:03 AM
a1deano
 


Thanks for that. So if it's written in the PCI specifications, then even though my scan will be compliant, from a legal standpoint I won't be fully compliant, and if anything were to go wrong then I could be leaving myself open to a massive fine, $10,000 if I am correct..... not worth the risk if you see it from that point then.. Thank you for this info.
  #4  
Old 04-29-2012, 07:17 AM
cflsystems
 


> 2.2.1 Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server.
> (For example, web servers, database servers, and DNS should be implemented on separate servers.)
> Note: Where virtualization technologies are in use, implement only one primary function per virtual system component.

If you literally follow this then XC (and any other shopping system that uses a db) cannot be compliant unless you have one server to run the web site and another server to run MySQL. XC requires a webserver and a database server installed. Sites on VPS will have to use 2 VPS systems as well.

On top of that if you want to host your own email server you have to get another machine...

Anyone using 2 machines with their XC store? I don't think so. I think this is another one of these parts of PCI specs where it all depends on your bank, how much they like you, or if the bank officer woke up in a good mood this morning....
__________________
Steve Stoyanov
CFLSystems.com
Web Development
  #5  
Old 04-29-2012, 07:46 AM
a1deano
 


This subject is such a minefield really. As long as your scan says you are compliant, I can't see the harm if both xcart and xpayments are in root.

Wonder what your merchant bank would say once you've handed them your PCI compliant certificate. Don't think they would even care if xpayments wasn't in its own server or not; you have a certificate saying you're compliant.... which means you meet all the requirements. It's fine if you have the spare cash to run two servers, both with dedicated IPs and two SSL certificates.
But for us small guys every bit of money counts....
I am so 50/50 in what to do, but I have till v4.5.0 goes stable to decide.. lol
  #6  
Old 04-29-2012, 11:23 PM
ambal
 


> But for us small guys every bit of money counts....

I think small guys should go with a payment gateway hosted credit form option and not increase their level of PCI-DSS compliance.
__________________
Sincerely yours,
Alex Mulin
VP of business development for X-Cart
X-Payments project manager
  #7  
Old 04-30-2012, 03:06 AM
a1deano
 


Yes, to a degree I understand this, but the next move forward would be to keep your customers on your site. I am sure I read somewhere on this forum that not everyone likes being redirected to a payment gateway then back again to your site, hence could result in a lost sale! OK, for most people they might not care about being redirected, but if you can keep the sale simple, all in one easy move on your site, then surely this has to be better...?

All times are GMT -8.

   

 