Photo Cart is retired. Check out Sytist.

Pci Compliance

Please log in or Create an account to post or reply to topics.
Larry McHugh
29 posts
Tue Jul 12, 16
11:20 AM
We are in the process make our network PCI Compliant. When a scan is made of our system the scan is reporting that "Web application transmits login credentials without encryption" and points to two php files as problems, pc_login.php and index.php.

In particular for pc_login it complains that the action pc_login.php?wbg=1 is a problem and for index.php it has an issue with action index.php?do=register.

How can I correct these problems? I'm assuming these have to be sent as https in the headers rather than http.
Tim -
10629 posts
Tue Jul 12, 16
2:33 PM
You should force your whole site to use httpS so all the pages are using that if you want to be PCI compliant.

You would do this with a .htaccess file in your root website folder. That can be done with this code in the .htaccess file

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L]

If you can't get it to work, you should contact your host on the best way to do that.

Tim Grissett, DIA - || My Email Address:
This reply was deleted.
Loading more pages
Loading more pages

Sign up for email promotions.

Your information is safe with us and won't be shared.

Thank you for signing up!

©2003 - 2018 Grissett, LLC. All Rights Reserved.

By continuing to browse or by clicking Accept Cookies, you agree to the storing of cookies on your device necessary to provide you with the services available through our website.

    Accept   Privacy & Cookie Policy
Loading More Photos
Scroll To Top
Close Window