


Form Tools
PCI compliant server - Printable Version




PCI compliant server - jschnyderite - Dec 29th, 2009

Does this software have trouble running on PCI compliant servers? My hosting company is saying that is the reason I'm having trouble with my install and is trying to move me to a VPS.

I have it running on another site with the same hosting company, though likely on a server with different configurations.


RE: PCI compliant server - Ben - Jan 1st, 2010

Hey jschnyderite,

Good question... the truth is, I don't know - but I suspect not. Not because FT is at all unsecure, but PCI has such strict requirements.

From what I understand about PCI, it's entirely about securing servers so they can safely process credit card transactions. Form Tools should NOT be used for that. The reason is, Form Tools stores form submission content unencrypted in the database. You can't have people's credit cards stored unencrypted in a DB - it's just a bad idea. If your server is running any single script with a security hole, that information could potentially be accessed - and PHP is a notoriously unsecure programming language and there are OODLES of bad PHP scripts out there.

But if you really wanted to pursue this option there are still possibilities, but they should be examined & weighed by a security specialist. First, you use the Submission Pre-Parser module to encrypt cc information prior to storing in the database. You could juggle encryption salts to minimize the likelihood of the data being unencrypted if the DB was breached. You could also use Form Tools to *initially* store the CC data, then after they've been processed, delete the sensitive information from that record. Alternatively, you could export all content to a local server, safe behind a firewall, and delete all "public" FT database content on a schedule.

But to return to your original question about PCI, I don't really know enough about their requirements. I think you may need to spend time poring over their docs or get a specialist in to help determine the route to take. There are very possibly issues I haven't thought of that would need to be addressed separately.

If you do find out anything and need to ramp up FT's security in one or other regard, please let me know.

Thanks! :)

- Ben
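
The encrypt-before-storing idea from Ben's reply, as an added example that is not part of the thread and is not Form Tools code: sensitive fields are sealed with a public key before they reach the database, so a breach of the web server or its DB yields only ciphertext. It uses PHP's bundled sodium extension (PHP 7.2+); the field names are hypothetical, and how this would be hooked into the Submission Pre-Parser module is not shown on this page, so it is left out.

```php
<?php
// Added example; not Form Tools code. Field names are hypothetical.

// Replace each listed field with a sealed-box ciphertext. Only the public key
// is needed here, so the web server never holds anything that can decrypt.
function seal_sensitive_fields(array $submission, array $fields, string $publicKey): array
{
    foreach ($fields as $field) {
        if (!isset($submission[$field]) || $submission[$field] === '') {
            continue; // nothing to protect
        }
        $sealed = sodium_crypto_box_seal((string) $submission[$field], $publicKey);
        // 48 bytes of overhead plus base64 expansion: size the DB column accordingly.
        $submission[$field] = 'sealed:' . base64_encode($sealed);
    }
    return $submission;
}

// Runs only on the internal machine that holds the full key pair.
function open_sealed_field(string $stored, string $keyPair): string
{
    if (strncmp($stored, 'sealed:', 7) !== 0) {
        throw new InvalidArgumentException('value is not sealed');
    }
    $raw = base64_decode(substr($stored, 7), true);
    $plain = ($raw === false) ? false : sodium_crypto_box_seal_open($raw, $keyPair);
    if ($plain === false) {
        throw new RuntimeException('decryption failed or data was modified');
    }
    return $plain;
}

// Demo with a constructed submission (4111... is a well-known test number).
$keyPair   = sodium_crypto_box_keypair();            // generate off the web server
$publicKey = sodium_crypto_box_publickey($keyPair);  // the only key deployed to it

$submission = ['name' => 'Test User', 'cc_number' => '4111111111111111'];
$stored = seal_sensitive_fields($submission, ['cc_number'], $publicKey);

echo $stored['name'], "\n";                 // untouched field stays readable
echo $stored['cc_number'], "\n";            // ciphertext, different on every run
echo open_sealed_field($stored['cc_number'], $keyPair), "\n"; // internal side only
```

Because decryption needs the private half of the key pair, this pairs naturally with the export-to-a-local-server option in the reply: the internal machine is the only place the data can be read.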