Jump to content

CubeCart 4 is in Violation with McAfee PCI Compliance as it sits


Guest Ace37

Recommended Posts

Guest Ace37

Hello,

I just got slap with a PCI Compliance Violation with McAfee Secure because the cubecart Admin url is not totally secure.

For the people that has PCI Compliance sites which it looks not much, because not much people talking about this subject.

There going to be a new law enforce in JUNE of 2010 for all PCI Compliance sites..

One of the requirements is to be able to pass for PCI Compliance you can't run a shopping cart that has a option to log in with SSL or Non SSL..

Other words, If your going to be setting up a site that is require a username and password it has to be fully SSL protect as soon as they land the log in page.

So the way Cubecart sits you have a choice to log in with SSL or Non SSL which is no longer accept with McAfee PCI Compliance.

Yes, you can check the box to use secure to activate the SSL with the Admin,..... but that is not good enough no longer when comes to having your site McAfee PCI Compliance.

I've tried everything to correct this issue but I didn't have any success with CubeCart 4. I don't remember having this issue with CuceCart 3.

So can anyone give me a solid solution on this issue please.. by making the Admin Url stay SSL without having checking the box to activate the SSL secure.

Best Regards,

Ace37

Link to comment
Share on other sites

Hello,

I just got slap with a PCI Compliance Violation with McAfee Secure because the cubecart Admin url is not totally secure.

For the people that has PCI Compliance sites which it looks not much, because not much people talking about this subject.

There going to be a new law enforce in JUNE of 2010 for all PCI Compliance sites..

One of the requirements is to be able to pass for PCI Compliance you can't run a shopping cart that has a option to log in with SSL or Non SSL..

Other words, If your going to be setting up a site that is require a username and password it has to be fully SSL protect as soon as they land the log in page.

So the way Cubecart sits you have a choice to log in with SSL or Non SSL which is no longer accept with McAfee PCI Compliance.

Yes, you can check the box to use secure to activate the SSL with the Admin,..... but that is not good enough no longer when comes to having your site McAfee PCI Compliance.

I've tried everything to correct this issue but I didn't have any success with CubeCart 4. I don't remember having this issue with CuceCart 3.

So can anyone give me a solid solution on this issue please.. by making the Admin Url stay SSL without having checking the box to activate the SSL secure.

Best Regards,

Ace37

Not sure if this is what you need, but this hack might help:

http://www.cubecartforums.org/index.php?sh...hl=secure+admin

Look at the second post in particular.

Link to comment
Share on other sites

Guest Ace37

Thanks a million jsgypsy for directing me to the right place to fix this issue...

The Angel hack did the trick

// if($_GET['ccSSL']==1){

$enableSSl = 1;

// }

Now my site is back to PCI Compliance :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...