Last post Apr 07, 2009 05:35 PM by jstrosch
Mar 02, 2009 04:20 AM|asp2go|LINK
Can anyone comment on risks or rules of using shared hosting vs VPS with e-commerce applications that may store credit card information. Are there specific rules around this to be aware of.
Mar 04, 2009 07:48 AM|TATWORTH|LINK
There are credit card industry rules. Unless you are using an external service like paypal, a shared hosting location is unlikely to qualify as a secure host.
Credit card information (except the last 4 digits) should be stored in an encrypted form with a log made of all accesses.
Apr 07, 2009 05:35 PM|jstrosch|LINK
Two resources that I've used to help try and build secure e-commerce sites are:
https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html (section 3 & 4)
One thing i've heard of being a large risk in a shared hosting environemnt is that your security is tied to how well the other sites are built, it's possible that someone can compromise your db/web app. by breaking in through another site (since they're
all on the same box).