Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "pci dss"
-
Asked a client how they were getting on with the GDPR preparations, knowing they sometimes ask me to check documentation and such.
them: "Whats the GDPR"
me: "its the new European privacy law coming near the end of May, its ok, most of the work should be covered by your PCI DSS compliance paperwork with a few tweaks."
them: "oh, we just pay the non-compliance fee for that"
me: "wait what? well whose your data controller registered under the ICO required due to cctv being used"
them: "oh isnt that optional?"
me: "ok so heres my hourly, or i can quote for the whole compliance project"
I know not everyone is tech minded and GDPR hasnt been that well advertised, but jeez...2 -
So... being backend and DevOps was not enough. I am supposed alone to walk through PCI DSS compliance now.
https://pcisecuritystandards.org/do...
Undoubtedly fun, but a bit too much for one dev to do everything. But, no choice is left, so let's have the new hat of security on!6 -
PCI DSS scan came back saying that WebDAV extensions need to be disabled. Kind of surprised, since I have other servers I’ve configured to standard and I can’t find anything in my notes about it.
In either case, been searching for info on how to fix it for 2 days and turned up nothing useful. Report found it on ports 80 and 443, so a firewall fix seems out here.
Running Plesk 17.5.3 on CentOS 7. Anyone have any pointers on how to get the job done?4 -
recently, I was working on a project to playback archived call recordings, and another developer was hired. part of my job is also to support a third party automation framework for customers, so I got "seconded" to support a proof of concept. the original project had now been messed up, it works, however, the functionality that made it secure has been MASSIVELY compromised for the sake of effort. I've tried to cause a stink as we have a major customer who will fail the next PCI audit. opinions on the situation. the other developer has a lot more experience, but seems to have chosen to satisfy management on deadlines over the original spec...