是否符合PCI标准(不仅仅是一个不同的子域,而是另一个域)(安全地)提供图像?
[英]Is it PCI-compliant to serve images (securely) from not just a different subdomain, but a different domain?
问题描述
Is it PCI-compliant to serve images (securely) from a different domain? 
是否符合PCI标准,可以安全地从不同的域提供图像? I searched the PCI DSS 2.0 PDF and didn't find any references to it. 我搜索了PCI DSS 2.0 PDF并没有找到任何引用它。
2 个解决方案
解决方案1
2 已采纳 2011-02-22 18:54:08
Images do not fall under PCI compliance. 图像不符合PCI合规性要求。 PCI DSS covers the storing, transmission, and processing of credit card information only . PCI DSS仅涵盖信用卡信息的存储,传输和处理 。 So you can serve your images from any server you like without having any PCI issues. 因此,您可以从任何您喜欢的服务器上提供图像,而不会出现任何PCI问题。
解决方案2
-1 2011-07-08 19:19:25
I take it these images are going to appear on the same page as the credit card entry form? 我认为这些图像会出现在信用卡报名表的同一页面上吗? If so as long as they are rendered over SSL, then they cannot be hijacked and additional code rendered in their place. 如果是这样,只要它们通过SSL呈现,那么它们就不会被劫持并且在其位置呈现其他代码。
I would say that it would aid in your compliance to have the images served via SSL regardless of the domain due to the fact that your payment page must be presented in SSL to the end user. 我会说,由于您的付款页必须以SSL形式呈现给最终用户,因此无论域名如何,都有助于您遵守通过SSL提供的图像。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.