Security Basics mailing list archives
Re: PCI question - anonymous users from uploading files
From: "Jason Thompson" <securitux () gmail com>
Date: Tue, 15 Jan 2008 14:40:57 -0500
I don't have a 100% yes or no, but does the ftp server have any PAN data on it or within the same network or is the ftp server completely separate from all PAN processing, transactions and storage?

As per the PCI DSS:

8.5.8 Do not use group, shared, or generic accounts and passwords

However if the system has no interaction at all with PAN data and if the ftp server becomes compromised it will not impact the PAN environment, you might be ok... I'd defer to others who may have been through this.

My only experience with anonymous FTP & PCI was with a company that had anonymous FTP enabled on their database server that housed PAN data, so I helped them fix that :). Pretty clear cut in that case. :)

-J

On Jan 15, 2008 9:58 AM, J. Lion <jv4l1n4 () gmail com> wrote:
> Is there a PCI requirement for preventing anonymous users from uploading files (non PAN related files, like images or catalog data)?