Pci Compliance

Please log in or Create an account to post or reply to topics.
Larry McHugh
Tue Jul 12, 16
11:20 AM
We are in the process make our network PCI Compliant. When a scan is made of our system the scan is reporting that "Web application transmits login credentials without encryption" and points to two php files as problems, pc_login.php and index.php.

In particular for pc_login it complains that the action pc_login.php?wbg=1 is a problem and for index.php it has an issue with action index.php?do=register.

How can I correct these problems? I'm assuming these have to be sent as https in the headers rather than http.
Tim - PicturesPro.com
Tue Jul 12, 16
2:33 PM
You should force your whole site to use httpS so all the pages are using that if you want to be PCI compliant.

You would do this with a .htaccess file in your root website folder. That can be done with this code in the .htaccess file

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.YOUR-DOMAIN.com/$1 [R,L]

If you can't get it to work, you should contact your host on the best way to do that.

Tim Grissett, DIA - PicturesPro.com || My Email Address: info@picturespro.com
This reply was deleted.
Loading more pages
Loading more pages
Sign up for email promotions.
Your information is safe with us and won't be shared.
Thank you for signing up!
©2003 - 2017 Grissett, LLC. All Rights Reserved.
Loading More Photos
Scroll To Top
Close Window