Home |  MySQL Buzz |  FAQ |  Feeds |  Submit your blog feed |  Feedback |  Archive |  Aggregate feed RSS 2.0 English Deutsch Español Français Italiano 日本語 Русский Português 中文
Showing entries 1 to 5

Displaying posts with tag: PCI DSS (reset)

PCI DSS & MySQL – Requirement 6
+2 Vote Up -0Vote Down
Requirement 6 of PCI DSS v1.2 states that in order to be compliant, an organization must: “Develop and maintain secure systems and applications” “Unscrupulous individuals use security vulnerabilities to gain privileged access to systems. Many of these vulnerabilities are fixed by vendor- provided security patches, which must be installed by the entities that manage the [...]
PCI DSS & MySQL – Requirement 4
+2 Vote Up -0Vote Down
Requirement 4 of PCI DSS v1.2 states that we must: “Encrypt transmission of cardholder data across open, public networks” Specifically, “Sensitive information must be encrypted during transmission over networks that are easily accessed by malicious individuals. Misconfigured wireless networks and vulnerabilities in legacy encryption and authentication protocols can be continued targets of malicious individuals who [...]
PCI DSS & MySQL: Requirement 3
+2 Vote Up -0Vote Down
Requirement 3 of the PCI DSS v1.2 is: “Protect Stored Cardholder Data” As vague as that sounds, the PCI DSS enumerates exactly what that covers: Data Element Storage Permitted Protection Required PCI DSS Req 3.4 Primary Account Number Yes Yes Yes Cardholder Name* Yes Yes No Service Code* Yes Yes No Expiration Date* Yes Yes [...]
PCI DSS & MySQL – Requirement 2
+4 Vote Up -0Vote Down
Requirement 2 of the PCI DSS v1.2 is: “Do not use vendor-supplied defaults for system passwords and other security parameters” Understanding that we’re limiting the discussion solely to MySQL (OS, Network Devices, and other software will no doubt apply to overall compliance), we can do this easily. The vendor-supplied default MySQL 5.1.43 (they’re similar across [...]
Database Analyst Steals Credit Card Data
+1 Vote Up -0Vote Down

This blog post was inspired by a recent report of a Database Analyst at American Express stealing Credit Card data.

It’s amazing how many companies still follow a mainly “perimeter security” approach when it comes to controlling access to sensitive information—their focus is on network security using firewalls, advanced authentication options, and so on. Even with such measures, it’s very common to setup strong barriers to the outside world but very little by way of internal limits; most internal people have some level of access to servers that store and process sensitive data.

Well, there’s nothing wrong with pre-screening your stuff, or having

  [Read more...]
Showing entries 1 to 5

Planet MySQL © 1995, 2014, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.