Trackers are the de facto way Tiki treats data collected from users. These are personal data that directly fall under many legislative and other regulations. Primarily the EU GDPR, but -here- more importantly under the PCI, if they contain credit card or other payment data like bank account numbers.
Under PCI DSS credit card data must not be kept in the same database as personal data. They must be separated on all levels of processing, from technical to organizational. They cannot be processed under group logins, logins to systems carrying card data must use personalized login accounts etc. et. al.
There is one problem with trackers here: To my knowledge all trackers are kept in one DB, which is the DB the Tiki runs from. In order to comply with PCI DSS it will be necessary to have trackers with card data in a separate DB...
https://www.pcisecuritystandards.org/
Thanks
hman
To help developers solve the bug, we kindly request that you demonstrate your bug on a show2.tiki.org instance. To start, simply select a version and click on "Create show2.tiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show2.tiki.org.
To help developers solve the bug, we kindly request that you demonstrate your bug on a show.tikiwiki.org instance. To start, simply select a version and click on "Create show.tikiwiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show.tikiwiki.org.
filename | created | hits | comment | version | filetype | ||
---|---|---|---|---|---|---|---|
No attachments for this item |