RE: iSeries public WEB access, PCI security issues

PCI is not focused on intel servers. It is focused on best practices regardless of server platform. Intel servers can perfectly house hundreds/thousands of applications on a single box, just like the i. However most people chose not to as it's a single point of failure.


-----Original Message-----
From: DrFranken [mailto:midrange@xxxxxxxxxxxx]
Sent: Thursday, August 29, 2013 12:54 PM
To: Midrange Systems Technical Discussion
Subject: Re: iSeries public WEB access, PCI security issues

I agree, FUD.

I seem to recall that PCI says you cannot store Credit Card numbers for more than 3 days period and even if you do they must be encrypted. Most of the folks I work with that do Credit Card transactions store only the last four digits for any length of time.

And while I won't list them I know of MANY companies who's IBM i servers are connected directly to the internet with web and database on the same server. PCI seems to be interpreted to focus on Intel based systems where proliferation of servers is needed to support staff size and Microsoft and Oracle revenue streams.


- Larry "DrFranken" Bolhuis

www.frankeni.com
www.iDevCloud.com
www.iInTheCloud.com

On 8/28/2013 10:58 AM, rob@xxxxxxxxx wrote:

I question whether someone says PCI rules don't allow this as FUD
rather than fact.

You're probably not interested in how we serve up our public
accessible parts of our website that require login's for customers and
suppliers that are Domino based...


Rob Berendt

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.