Guest Ace37 Posted June 2, 2010 Share Posted June 2, 2010 Hello, I just got slap with a PCI Compliance Violation with McAfee Secure because the cubecart Admin url is not totally secure. For the people that has PCI Compliance sites which it looks not much, because not much people talking about this subject. There going to be a new law enforce in JUNE of 2010 for all PCI Compliance sites.. One of the requirements is to be able to pass for PCI Compliance you can't run a shopping cart that has a option to log in with SSL or Non SSL.. Other words, If your going to be setting up a site that is require a username and password it has to be fully SSL protect as soon as they land the log in page. So the way Cubecart sits you have a choice to log in with SSL or Non SSL which is no longer accept with McAfee PCI Compliance. Yes, you can check the box to use secure to activate the SSL with the Admin,..... but that is not good enough no longer when comes to having your site McAfee PCI Compliance. I've tried everything to correct this issue but I didn't have any success with CubeCart 4. I don't remember having this issue with CuceCart 3. So can anyone give me a solid solution on this issue please.. by making the Admin Url stay SSL without having checking the box to activate the SSL secure. Best Regards, Ace37 Quote Link to comment Share on other sites More sharing options...
jsgypsy Posted June 3, 2010 Share Posted June 3, 2010 Hello, I just got slap with a PCI Compliance Violation with McAfee Secure because the cubecart Admin url is not totally secure. For the people that has PCI Compliance sites which it looks not much, because not much people talking about this subject. There going to be a new law enforce in JUNE of 2010 for all PCI Compliance sites.. One of the requirements is to be able to pass for PCI Compliance you can't run a shopping cart that has a option to log in with SSL or Non SSL.. Other words, If your going to be setting up a site that is require a username and password it has to be fully SSL protect as soon as they land the log in page. So the way Cubecart sits you have a choice to log in with SSL or Non SSL which is no longer accept with McAfee PCI Compliance. Yes, you can check the box to use secure to activate the SSL with the Admin,..... but that is not good enough no longer when comes to having your site McAfee PCI Compliance. I've tried everything to correct this issue but I didn't have any success with CubeCart 4. I don't remember having this issue with CuceCart 3. So can anyone give me a solid solution on this issue please.. by making the Admin Url stay SSL without having checking the box to activate the SSL secure. Best Regards, Ace37 Not sure if this is what you need, but this hack might help: http://www.cubecartforums.org/index.php?sh...hl=secure+admin Look at the second post in particular. Quote Link to comment Share on other sites More sharing options...
Guest Ace37 Posted June 3, 2010 Share Posted June 3, 2010 Thanks a million jsgypsy for directing me to the right place to fix this issue... The Angel hack did the trick // if($_GET['ccSSL']==1){ $enableSSl = 1; // } Now my site is back to PCI Compliance :) Quote Link to comment Share on other sites More sharing options...
Guest Roger Huston Posted June 7, 2010 Share Posted June 7, 2010 Yea, I did that and I also removed the check box. I don't want anyone logging in non SSL. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted June 8, 2010 Share Posted June 8, 2010 We will make this a standard feature. Thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.