Please point us to where on the PCI DSS website we can see that any .bak files are a violation of PCI. I have never seen that, and I would like to...
This is really not correct. Text files can be opened by a text editor, no matter their extension. Renaming a file's extension does not automatically make the file a valid version of said extension.
Keeping backup files on a web server is not a good idea. One must ensure that the web serving software (i.e. Apache) is properly configured to not serve up those files. Else anyone can see them if they know where to look.
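An added example, not part of the post above: a small audit that walks a document root for backup-style files and prints an Apache 2.4 rule that refuses to serve them. Only `.bak` comes from the thread; the other suffixes, the function names and the default path are assumptions made for illustration.

```python
import os
import sys

import re

# Assumed suffix list; only ".bak" is named in the thread. The same
# expression is used for the audit and for the Apache rule.
PATTERN = r"(?i)(\.(bak|old|orig|save|swp)|~)$"
BACKUP_RE = re.compile(PATTERN)


def find_backup_files(docroot):
    """Return sorted '/'-separated paths, relative to docroot, of backup-like files."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            if BACKUP_RE.search(name):
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def apache_deny_rule():
    """Return an Apache 2.4 block that denies requests for matching file names."""
    return (
        '<FilesMatch "%s">\n'
        "    Require all denied\n"
        "</FilesMatch>\n" % PATTERN
    )


if __name__ == "__main__":
    # Hypothetical default path; pass the real document root as the argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/www/html"
    found = find_backup_files(root)
    for path in found:
        print("backup-like file under docroot:", path)
    print("\nRule to add to the server or vhost configuration:\n")
    print(apache_deny_rule())
    # Non-zero exit lets a deploy job fail when leftovers are present.
    sys.exit(1 if found else 0)
```

The deny rule is a second layer; removing the files from the document root is still the cleaner fix.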