Thanks for the reply. I am using that setting, however Satchmo still stores sensitive credit card information for an hour, the card number and CCV in memecache. Othher card details like expiry date are always saved in the database for some reason.
On Nov 2, 3:25 am, hynekcer <[email protected]> wrote: > There is a checkbox PAYMENT__STORE_CREDIT_NUMBERS in livesettings > (http://your.site/settings) "Save Credit Card Numbers" "If False, then > the credit card will never be written to disk. For PCI compliance, > this is required..." > > This should be unchecked on a real server except for debugging and it > is by default unchecked. > > I reproduce only what I have read here. Is it OK? > > On 1 lis, 07:41, digicase <[email protected]> wrote: > > > > > > > > > Hello, > > > I'm about to finish up some work to implement PayPal Payments Pro, but > > have a question regarding credit card details. > > > From looking at the Satchmo code it looks like the full card number > > and CCV are stored in memcache, for 60 minutes? > > > I was wondering is it possible to change it so the the card number and > > CCV are not saved in memory for so long (15 minutes seems enough time > > to read the order details before confirming a payment). I would also > > like to delete each row from the table payment_creditcarddetail for > > all completed payments so that absolutely no credit card data is left > > in the database, especially the key for retrieving card number and CCV > > from memcache. > > > I am thinking of changing the line in apps/payment/models.py from: > > > keyedcache.cache_set(key, skiplog=True, length=60*60, > > value=encrypted_cc) > > > to: > > > keyedcache.cache_set(key, skiplog=True, length=60*15, > > value=encrypted_cc) > > > Similar for the CCV cache entry. > > > I'm not sure how best way to go about removing the rows from > > payment_creditcarddetail? Maybe a hook somehow for a completed payment > > which will delete the row with a matching orderpayment_id? > > > Any advice would be much appreciated, thanks. -- You received this message because you are subscribed to the Google Groups "Satchmo users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/satchmo-users?hl=en.
