New Post
12/16/2009 7:04 PM
 

AspDotNetStorefront Staff - Scott wrote

PCI compliance is for pretty much anyone wanting to get a merchant account.

AFAIK it affects US users only.


Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
New Post
12/18/2009 7:47 AM
 

Indeed, PCI compliance is for everyone who wants a merchant account (at least in the US).  But quit the scare tactics (and ASPDNSF has been using them for years).   I have gotten a merchant account recently and went through the compliance questionnaire for the ML/DNN product.  I also went to the PCI site myself to figure out what was necessary to comply, even though ML/DNN "couldn't" get PA/DSS.   Be real, from a merchant perspective, the rules aren't more than common sense.  Let Authorize.net store the credit card data and you're fine (yes, you need SSL etc).  Authorize.net isn't a "boomerang" so it meets your criteria.

Next, I really believe that if you had also taken a common sense approach to the PA/DSS issue, you could have gotten around that without explicit cooperation from DNN corp! Stuff like "Don't use default id/passwords on the site". Come on, any hacker knows the default host/portal ids (hope you do too). A high schooler also knows how to query the database for them and remove them! During installation you check...does the site still have the default host/portal ids? If so, scare the user, tell them they can't be PCI compliant with that and that the install will stop unless you agree to remove them. Then, SQL query poof! Not difficult! If you felt that more security needed to occur on the Admin site, you could have had a second log in for that...it's your app, you could have whatever encryption you wanted there. Customers shouldn't have needed this level of security so it wouldn't have affected core DNN. Security on "private data" (name/address etc)? We think you could have managed that through an extra routine, but that doesn't seem required by PA/DSS...just the PAN and other credit card info - which, by the way, I don't store in the database!

Why, in 4 years you guys couldn't figure this stuff out, I don't know.   But I wish you had thought about it before you dragged your customers through the mud.

 
New Post
12/18/2009 12:33 PM
 

I have a merchant account that I got years ago. I never went through any PCI compliance requirements. I wonder when this started and whether it's actually required for every site which handles VISA.

 
New Post
12/21/2009 1:55 AM
 

I was at the round-table meeting at the end of the OpenForce conference this year, when this very question came up, directed towards the DNN core team. Joe Brinkman spoke for a while on the topic, and while I'm no expert in this area, his responses seemed entirely reasonable to me. I don't recall the exact details but I think the main theme was: we can't get compliance because the base DNN install doesn't do the things needed. In other words, you can't get certification for a platform which doesn't even do the thing certification is for. Or, trying again, DNN isn't an e-commerce platform out of the box, so you can't certify it as one. In addition, since many DNN installs contain a variety of installed code, each certification has to be done on a case by case basis.

Happy to be corrected if I'm wrong on this one. It was a while ago and at the end of a conference on a topic I'm only tangentially interested in.

To me it seems as though the certification issue is being used as a good reason for exiting the DNN ASPDNSF product range.  It hasn't been the happiest of marriages (I know I've spent countless hours helping people get their sites going) and I suspect both camps are happy to go their separate ways.

It would also seem reasonable to me that a checklist-style procedure could be developed for obtaining certification regardless of the platform. If that means deleting the standard host/admin accounts, then I don't see why this can't be procedurised. But again, I'm talking out of my knowledge depth so perhaps someone more qualified than I should contribute on this point.

 
New Post
12/21/2009 2:01 PM
 

Bruce, I totally agree with you. I am pretty sure they use the compliance issue JUST for a reason to end the product. I have been a customer of the dnn version of aspdotnetstorefront since it newly came out and they never did it right. However, they are trying to charge an unreasonably high price for a product that never really worked perfectly. I was dumb enough to buy it with that "unreasonable price tag" and become the white elephant who keeps submitting bugs. The product would be really strong and powerful if they could make it issueless and perfectly married with dotnetnuke. However, they just can't come to that point. I would assume it is because of a lack of development strength and because the sales of the product are not as good as expected.

End of the story. They should not have started selling the product with so many bugs existing. They started selling it with the expectation that customers would provide free bug reports and also provide the development cost. Because of a product full of issues with a high price tag, bad reviews showed up from those initial customers. It badly hit the sales of the product. Because of bad sales, and because they do not have the ability to make their dnn version run flawlessly, they simply break the promise to all those loyal initial customers (including me) and end the product's life by simply putting up a compliance issue and pointing the finger at dnn. (protect their image)

I am not sure what I should do since I have already developed the product for so long. Until now, they don't even come out with a version which supports dnn 5.

 