Extension Installer Requirements Violate PCI Compliance

Quote

Post by Tcalp » Fri May 01, 2015 5:21 pm

Hey Guys,

I've known about this issue since 2.0 was released but never piped up about it. I just sort of assumed that it would be addressed by others, given that it hasn't.

The extension installer in OpenCart 2.0 requires clear text FTP services to be enabled, which violate PCI Compliance, given that so many payment gateways require such compliance, along with so many web hosts disabling said support (aka even GoDaddy has on cPanel services). Who exactly thought this a grand old idea ? :)

Increase Page Speed (#1 rated commercial extension on OpenCart Marketplace)
15in1 Essential Extensions Value Pack Premium Customer Testimonials Reward Points Extended Admin Security Lockdown Suite

Image
irc.freenode.net #opencart

User avatar
Tcalp
Active Member
Posts
785
Joined
Wed Jul 06, 2011 1:49 pm
Top

Re: Extension Installer Requirements Violate PCI Compliance

Quote

Post by JNeuhoff » Fri May 01, 2015 6:10 pm

Have you posted it as a bug report on github?

In the meantime, for a workaround, disable FTP in the OpenCart admin store settings, and use this Extension Installer bugfix.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig

User avatar
JNeuhoff
Guru Member
Posts
7450
Joined
Wed Dec 05, 2007 3:38 am
Top

Re: Extension Installer Requirements Violate PCI Compliance

Quote

Post by rph » Fri May 01, 2015 11:56 pm

Good catch. It would have been nice if 2.x had been engineered to have extensions in their own directory rather than strewn out all over the core.
JNeuhoff wrote:Have you posted it as a bug report on github?
You're optimistic. :laugh:

-Ryan

rph
Expert Member
Posts
4102
Joined
Fri Jan 08, 2010 5:05 am
Location - Lincoln, Nebraska
Top
Post Reply
Return to “General Support”
Who is online

Users browsing this forum: No registered users and 82 guests