tvcnet
Guest
Hi folks,
I've been hit by some PCI compliance issues and am wondering if anyone has ideas on this.
The PCI issue is: Unencrypted Login Information Disclosure
This effectively means that no person on the planet is PCI compliant unless there is a workaround to force HTTPS on logins.
Example:
Both of these are security issues apparently:
http://www.mydomain.com:8401/mssql/app/connect.aspx
http://www.mydomain.com:8425/imp/login.php
I can't seem to figure out how we can force the system in Windows Plesk to only allow HTTPS, like:
https://www.mydomain.com:8401/mssql/app/connect.aspx
https://www.mydomain.com:8425/imp/login.php
And yes, I set up a subdomain to allow clients to connect directly using the server name. That is not the issue. The issue is that Plesk allows one to use control panels without https://, so I'm wondering if there is a way to force the system to never allow http://
Thanks,
Jim