Page 1 of 1

Extension Installer Requirements Violate PCI Compliance

Posted: Fri May 01, 2015 5:21 pm
by Tcalp
Hey Guys,

I've known about this issue since 2.0 was released but never piped up about it. I just sort of assumed that it would be addressed by others, given that it hasn't.

The extension installer in OpenCart 2.0 requires clear text FTP services to be enabled, which violate PCI Compliance, given that so many payment gateways require such compliance, along with so many web hosts disabling said support (aka even GoDaddy has on cPanel services). Who exactly thought this a grand old idea ? :)

Re: Extension Installer Requirements Violate PCI Compliance

Posted: Fri May 01, 2015 6:10 pm
by JNeuhoff
Have you posted it as a bug report on github?

In the meantime, for a workaround, disable FTP in the OpenCart admin store settings, and use this Extension Installer bugfix.

Re: Extension Installer Requirements Violate PCI Compliance

Posted: Fri May 01, 2015 11:56 pm
by rph
Good catch. It would have been nice if 2.x had been engineered to have extensions in their own directory rather than strewn out all over the core.
JNeuhoff wrote:Have you posted it as a bug report on github?
You're optimistic. :laugh: