Accepting Payments Online: Drupal and PCI Compliance

The Payment Card Industry (PCI) has defined a number of Data Security Standards for accepting sensitive information such as credit card numbers over the web. While these are not Drupal-specific, they are important for any Drupal developer or site administrator of an e-commerce site to be aware of.

Installation and usage

Use Guardr as the base for a new Drupal project

Download Guardr 7.x-2.x-dev, or fetch it with drush:

$ drush dl guardr

Install Drupal using the Guardr codebase as you would normally, but make sure to select the Guardr profile during the installation process.

Building a Guardr instance for development and testing

Download the Guardr profile.

High performance Guardr

Barracuda is a bash script that installs and/or upgrades an Aegir Master Instance, tuned for high performance, together with all related system services.

The maintainers of Barracuda have chosen to include Guardr as a distribution install option. This is a fantastic partnership to provide both secure and high performance Drupal instances.

A note about Coder

Coder Review is a useful module for identifying potential security issues; however, it is not part of the Guardr distribution. Guardr is intended to be part of a layered sub-distribution. Due to a bug in Drupal 7, using drush with coder_review installed in more than one directory can cause fatal conflicts. It is recommended to add Coder to your installation.

A note about Real Name

Not all contributed modules pre-process usernames with functions like theme_username() before outputting the username value. For Drupal installations which consider the username to be confidential information, Real Name cannot perform a universal operation to hide the base username.
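One way to find the modules this note is about is to scan their PHP for places where the raw login name reaches output instead of going through Drupal 7's format_username() or theme('username'). This is an added example, not part of Guardr or Real Name; the account variable names, the list of output functions and the sample PHP are assumptions, and the match is a line-based heuristic.

```python
import os
import re

# Assumed variable names that usually hold a Drupal 7 account object.
RAW_NAME = re.compile(r"\$(?:account|user|author)->name\b")
# Assumed output sinks: language constructs, render keys, common helpers.
SINK = re.compile(
    r"\b(?:print|echo)\b|'#(?:markup|title)'"
    r"|\b(?:check_plain|filter_xss|t|l|drupal_set_message|drupal_set_title)\s*\("
)
PHP_SUFFIXES = (".module", ".inc", ".php", ".install")


def find_raw_username_output(php_source):
    """Return (line_number, text) for lines that send the raw login name to output."""
    hits = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        text = line.strip()
        if text.startswith(("//", "*", "/*", "#")):
            continue  # comment line, nothing is rendered
        if RAW_NAME.search(text) and SINK.search(text):
            hits.append((number, text))
    return hits


def scan_tree(root):
    """Scan every PHP source file below root and map path -> list of hits."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(PHP_SUFFIXES):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as handle:
                    hits = find_raw_username_output(handle.read())
                if hits:
                    report[path] = hits
    return report


# Constructed sample, not taken from any real module.
SAMPLE = """<?php
function example_block_view($account) {
  $out = t('Signed in as @n', array('@n' => $account->name));
  $out .= check_plain(format_username($account));
  $out .= theme('username', array('account' => $account));
  // print $account->name;
  if ($account->name == 'admin') { return ''; }
  return $out;
}
"""
```

Calling scan_tree('sites/all/modules') from the Drupal root lists the files to review by hand; only line 3 of the sample is reported, since comparisons and calls routed through format_username() or theme('username') are not flagged.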

