Enable the use of secondary DB for credit card data
- Status
- Open
- Subject
- Enable the use of secondary DB for credit card data
- Version
- 25.x
- Category
- Feature request
- Legislative Compliance
- Feature
- Trackers
- Resolution status
- New
- Submitted by
- hman
- Lastmod by
- hman
- Rating
- Related-to
- Description
Trackers are the de facto way Tiki treats data collected from users. These are personal data that directly fall under many legislative and other regulations: primarily the EU GDPR, but here, more importantly, under the PCI, if they contain credit card or other payment data like bank account numbers.
Under PCI DSS, credit card data must not be kept in the same database as personal data. They must be separated on all levels of processing, from technical to organizational. They cannot be processed under group logins, logins to systems carrying card data must use personalized login accounts, etc.
There is one problem with trackers here: To my knowledge all trackers are kept in one DB, which is the DB the Tiki runs from. In order to comply with PCI DSS it will be necessary to have trackers with card data in a separate DB...
https://www.pcisecuritystandards.org/
Thanks
hman
- Importance
- 10 high
- Easy to solve?
- 2
- Priority
- 20
- Ticket ID
- 8066
- Created
- Wednesday 09 February, 2022 08:40:42 UTC by hman
- LastModif
- Wednesday 09 February, 2022 08:41:35 UTC