  1. #1
    Join Date
    Oct 2009
    Location
    Assachusetts
    Posts
    11
    Plugin Contributions
    0

    PCI COMPLIANCE: extras/curltest.php

    I have failed my latest PCI compliance scan because of a Zen Cart file in the extras folder named curltest.php.

    Here is the PCI COMPANY'S VERBIAGE: "A PHP script (extras/curltest.php) can be used to disclose the contents of local files."

    My question is, can I remove this file without messing up the rest of Zen Cart? Does this file have real significance in the program or not?

    Thanks!

  2. #2
    Join Date
    Jun 2003
    Posts
    33,720
    Plugin Contributions
    0

    Re: PCI COMPLIANCE: extras/curltest.php

    All of the files in the extras directory can be removed from your web space. I would keep a copy of the test scripts on your hard drive as backup in case you need to use them at some point.
    Please do not PM for support issues: a private solution doesn't benefit the community.

    Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.
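
The step described in the reply above (keep a copy of the extras scripts off the server path, then remove the directory from web space), as an added example that is not part of the original thread or of Zen Cart. The function names, the archive naming and the requirement that the backup directory sit outside the web root are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: archive a Zen Cart extras/ directory outside the web root,
# verify the archive, then remove the directory from web space.
# Function names and argument layout are hypothetical, not Zen Cart tooling.

# List the regular files under <webroot>/extras, one per line (empty if none).
list_extras() {
    local webroot=$1
    [ -d "$webroot/extras" ] || return 0
    (cd "$webroot" && find extras -type f | sort)
}

# Archive <webroot>/extras into <backup_dir>, check that every file made it
# into the archive, and only then delete the directory. Prints the archive path.
archive_and_remove_extras() {
    local webroot=$1 backup_dir=$2 archive expected archived
    [ -d "$webroot/extras" ] || { echo "no extras/ under $webroot" >&2; return 1; }
    [ -d "$backup_dir" ] || { echo "backup dir does not exist" >&2; return 2; }

    # Refuse a backup location inside the web root: the copy would still be served.
    webroot=$(cd "$webroot" && pwd -P)
    backup_dir=$(cd "$backup_dir" && pwd -P)
    case "$backup_dir/" in
        "$webroot"/*) echo "backup dir is inside the web root" >&2; return 2 ;;
    esac

    archive="$backup_dir/zencart-extras-$(date +%Y%m%d%H%M%S).tar.gz"
    expected=$(list_extras "$webroot")
    tar -czf "$archive" -C "$webroot" extras || return 3

    # Compare the file list on disk with the file list inside the archive.
    archived=$(tar -tzf "$archive" | grep -v '/$' | sort)
    [ "$expected" = "$archived" ] || { echo "archive mismatch, nothing removed" >&2; return 4; }

    rm -rf -- "$webroot/extras"
    chmod 600 "$archive"
    echo "$archive"
}
```

Running `list_extras` against the web root again afterwards should print nothing, which is the state the scanner expects to find.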

  3. #3
    Join Date
    Oct 2009
    Location
    Assachusetts
    Posts
    11
    Plugin Contributions
    0

    Re: PCI COMPLIANCE: extras/curltest.php

    Excellent. Thank you for the prompt answer. It is much appreciated.

  4. #4
    Join Date
    Jan 2004
    Posts
    66,443
    Plugin Contributions
    279

    Re: PCI COMPLIANCE: extras/curltest.php

    FYI -- that's why the matter was posted in a forum-wide announcement a few months ago: http://www.zen-cart.com/forum/showthread.php?t=142784

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 
