Overheard a dev bragging about how our site is fully PCI compliant. So much so even the invoice data is secure. My BS meter went off, so I decided to look at what 'secure' code looked like.

Comments
  • 0
    Seems to me that you guys are in safe hands, as he seems to know what he is doing...
  • 0
    I swear the number of devs who say that and have no clue what PCI compliance covers totally grinds my gears.
  • 1
    @CrankyOldDev We're PCI compliant because we don't store credit card data and because of the secure network separations.
    If auditors ever looked at our code...sheesh...and I wrote a lot of it.

    Before PCI compliance, never gave a second thought to logging card #, exp date, etc. You might have found a customer's password in plain text in a log or two.
  • 1
    Nice. So you can make everything secure just by prefixing all names with 'secure'.
  • 0
    This has to be a joke?