Anyone know if Open for Commerce is up to snuff with
CISP / PCI Compliance?

You mean "Open For Business"?

If you're asking about encrypting customer credit cards, it does that.

Erik Earle wrote:
> Anyone know if Open for Commerce is up to snuff with
> CISP / PCI Compliance?

There is a lot more to it than that.

http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html

--- Si Chen wrote:
> You mean "Open For Business"?
>
> If you're asking about encrypting customer credit
> cards, it does that.

I've read this before, but just to be sure, I read this again:

http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_PCI_Data_Security_Standard.pdf?it=il|/business/accepting_visa/ops_risk_management/cisp.html|PCI%20Data%20Security%20Standard

Except for the protection of customer data by encryption, everything else seems to be related to your particular management practices: install a firewall, run antivirus programs, have an information security policy in place.

So what else falls upon an application like OFBiz, in your opinion?

Si

Erik Earle wrote:
> There is a lot more to it than that.
>
> http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html

Yes, I agree that most of it is policy, but there are some issues around administrative accounts and password policies that would relate to ofbiz parties.

I guess it's up to the integrator of OFBiz to implement policies.

--- Si Chen wrote:
> I've read this before, but just to be sure, I read this again:
>
> http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_PCI_Data_Security_Standard.pdf?it=il|/business/accepting_visa/ops_risk_management/cisp.html|PCI%20Data%20Security%20Standard
>
> Except for the protection of customer data by encryption, everything
> else seems to be related to your particular management practices:
> install a firewall, run antivirus programs, have an information security
> policy in place.
>
> So what else falls upon an application like OFBiz, in your opinion?
>
> Si

You can pretty much configure them however you want. The security model is very sophisticated and should not be a problem.

Erik Earle wrote:
> Yes, I agree that most of it is policy, but there are
> some issues around administrative accounts and
> password policies that would relate to ofbiz parties.
>
> I guess it's up to the integrator of OFBiz to
> implement policies.

We have gone through this with a couple of clients already and OFBiz is sufficient for the requirements (like encrypting stored data with the Entity Engine and encrypting remote communications with the Service Engine, and those are used with the CC and related stuff, also we don't store PVV/CVV/CVC2 values), but like Si is saying it all depends on how you use it.

Many of the requirements there are corporate policy and things that the system cannot enforce, and the integrator can't enforce them either. For example the one account per person for all system interactions requirement is something that company employees have to keep up with all the time. It means they only ever use their own account and they never share passwords and such. OFBiz has sufficient functionality to avoid users having to give their passwords to IT or admin folks over the phone and such, and that is important, as are many other things.

-David

On Nov 22, 2005, at 1:39 PM, Si Chen wrote:
> You can pretty much configure them however you want. The security
> model is very sophisticated and should not be a problem.

Why not post a link to http://hsqldb.org/web/hsqlUsing.html? They reference Jira, which itself uses OFBiz Entity Engine, so...

Jacques

In reply to this post by David E. Jones
A few months ago we went through a CISP internal audit and were able to meet the requirements for CISP with our ofbiz applications. Most of the changes for us were process related but we also leveraged the ofbiz security/permissions model to meet some of the requirements.

Brett

On 11/22/05, David E. Jones wrote:
> We have gone through this with a couple of clients already and OFBiz
> is sufficient for the requirements (like encrypting stored data with
> the Entity Engine and encrypting remote communications with the
> Service Engine, and those are used with the CC and related stuff,
> also we don't store PVV/CVV/CVC2 values), but like Si is saying it
> all depends on how you use it.
>
> Many of the requirements there are corporate policy and things that
> the system cannot enforce, and the integrator can't enforce them
> either. For example the one account per person for all system
> interactions requirement is something that company employees have to
> keep up with all the time. It means they only ever use their own
> account and they never share passwords and such. OFBiz has sufficient
> functionality to avoid users having to give their passwords to IT or
> admin folks over the phone and such, and that is important, as are
> many other things.
>
> -David

If you don't mind my asking, what was the work effort to be able to meet the requirements?

--- Brett Palmer wrote:
> A few months ago we went through a CISP internal audit and were able
> to meet the requirements for CISP with our ofbiz applications. Most
> of the changes for us were process related but we also leveraged the
> ofbiz security/permissions model to meet some of the requirements.
>
> Brett

Most of the work was documenting and auditing processes. There were also some IT related tasks that we needed to comply with CISP that didn't involve ofbiz. It's hard to say what the total work effort was because we were doing our regular development tasks at the same time. In total I would guess it took a few of us a couple of months to comply with the CISP specific tasks.

Brett

On 11/22/05, Erik Earle wrote:
> If you don't mind my asking, what was the work effort
> to be able to meet the requirements?