Pci Compliance

Please log in or Create an account to post or reply to topics.
Larry McHugh
Tue Jul 12, 16
11:20 AM
We are in the process make our network PCI Compliant. When a scan is made of our system the scan is reporting that "Web application transmits login credentials without encryption" and points to two php files as problems, pc_login.php and index.php.

In particular for pc_login it complains that the action pc_login.php?wbg=1 is a problem and for index.php it has an issue with action index.php?do=register.

How can I correct these problems? I'm assuming these have to be sent as https in the headers rather than http.
Tim - PicturesPro.com
Tue Jul 12, 16
2:33 PM
You should force your whole site to use httpS so all the pages are using that if you want to be PCI compliant.

You would do this with a .htaccess file in your root website folder. That can be done with this code in the .htaccess file

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.YOUR-DOMAIN.com/$1 [R,L]

If you can't get it to work, you should contact your host on the best way to do that.

Tim Grissett, DIA - PicturesPro.com || My Email Address: info@picturespro.com
This reply was deleted.

Loading more pages
Sign up for email promotions.
Your information is safe with us and won't be shared.
Thank you for signing up!
©2003 - 2017 Grissett, LLC. All Rights Reserved.
Loading More Photos
Scroll To Top
Close Window