Results 1 to 4 of 4
  1. #1
    Join Date
    Mar 2012
    Posts
    315
    Plugin Contributions
    0

    Default Install v1.50 or V1.51 for new website?

    I currently have two v1.50 sites. I have read that v1.51 is not pci compliant; but I don't think that matters in this particular case anyway. I am going to use the SIM Authorize.net module and have Credit Card $$ collected on their site so I don't have to deal with an SSL Certificate... in addition, when done that way I don't have to deal with my Credit Card Processing Company PCI issues. The site will obviously store the customer information. This site will not have many products (under 100). Should I install v1.50 or v1.51? and in either case, should I install this XSS Flaw Patch? http://www.zen-cart.com/showthread.p...XSS-Flaw-Patch Thanks!

  2. #2
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Install v1.50 or V1.51 for new website?

    Quote Originally Posted by Johnnycopilot View Post
    I have read that v1.51 is not pci compliant
    Correction: v1.5.1 has not been submitted for PCI compliance *certification*.
    It's still based on the v1.5.0 code which IS certified. The bugfixes and feature changes were just not submitted for a subsequent re-certification.

    Don't confuse "compliance" with "certification". They do have different meanings.

    Granted, the meaning is obviously moot to you since you don't intend to observe any of the issues anyway, judging from the other things you posted.

    And, since you believe PCI is of no consequence for you, why not use v1.5.1 which contains bugfixes beyond what 1.5.0 has.

    Quote Originally Posted by Johnnycopilot View Post
    but I don't think that matters in this particular case anyway. I am going to use the SIM Authorize.net module and have Credit Card $$ collected on their site so I don't have to deal with an SSL Certificate...in addition, when done that way I don't have to deal with my Credit Card Processing Company PCI issues. The site will obviously store the customer information.
    You STILL should use SSL on your site, to protect the collection of your customers' identities and from their login passwords from being transmitted unencrypted in plain text.

    SSL does not mean PCI. And PCI does not mean SSL.

    SSL is just plain basic smart. And the smart shopper shouldn't shop if SSL is not used for passwords and addresses, regardless of whether a credit card is used.

    Quote Originally Posted by Johnnycopilot View Post
    and in either case, should I install this XSS Flaw Patch? http://www.zen-cart.com/showthread.p...XSS-Flaw-Patch Thanks!
    Well, I think anyone would argue that the answer to that is yes. Why would you say no?
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Jul 2005
    Location
    Upstate NY
    Posts
    22,010
    Plugin Contributions
    25

    Default Re: Install v1.50 or V1.51 for new website?

    As I understand it, it's not that that v1.5.1 is not PCI compliant, but it hasn't been taken through the official hoops of being certified. Technically, when you add mods to your v1.5.0 site, it would need to be recertified (or "self-certified") anyway.
    I expect v1.5.1, with the XSS flaw patch, would be best.

  4. #4
    Join Date
    Mar 2012
    Posts
    315
    Plugin Contributions
    0

    Default Re: Install v1.50 or V1.51 for new website?

    ok, I understand; Thanks! I will use v1.51. In the patch, I suppose it's ok if I just change out that one line of code as opposed to the entire file...?

 

 

Similar Threads

  1. Looking for a new template for my website
    By tjturner in forum Templates, Stylesheets, Page Layout
    Replies: 5
    Last Post: 16 Mar 2012, 04:54 AM
  2. website payment pro for Canada -can't install
    By hardwiredtemplates in forum PayPal Website Payments Pro support
    Replies: 4
    Last Post: 7 Jun 2009, 06:34 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR