Yes, you know where the memcache timeout of the credit card number is coded, and you consider it impractical to change it. What is the right value? In our country many people would not trust, even for a second, disclosing sensitive information to a small merchant.

Are you sure that the cached CC number is not invalidated after success? (I am not competent to answer it or solve it for this area. I am just trying to give first aid.)

I have learned the Mercurial Queues Extension
http://mercurial.selenic.com/wiki/MqExtension
http://mercurial.selenic.com/wiki/MqTutorial
If you are a developer, it would help you much to have such private changes in one place in the repository, but a little separated, to see them temporarily in the history, to be able to qpop them before a pull from bitbucket so that they are missing from the history and active directory, and to "qpush" them back again after it. Private changes prevented me from upgrading regularly for a long time. With the mq extension it is easy.

On 3 Nov, 08:28, digicase <[email protected]> wrote:
> Thanks for the reply. I am using that setting, however Satchmo still
> stores sensitive credit card information for an hour, the card number
> and CCV in memcache. Other card details like expiry date are always
> saved in the database for some reason.
>
> On Nov 2, 3:25 am, hynekcer <[email protected]> wrote:
> > There is a checkbox PAYMENT__STORE_CREDIT_NUMBERS in livesettings
> > (http://your.site/settings) "Save Credit Card Numbers" "If False, then
> > the credit card will never be written to disk. For PCI compliance,
> > this is required..."
> >
> > This should be unchecked on a real server except for debugging and it
> > is by default unchecked.
> >
> > I reproduce only what I have read here. Is it OK?
> >
> > On 1 Nov, 07:41, digicase <[email protected]> wrote:
> > > Hello,
> > >
> > > I'm about to finish up some work to implement PayPal Payments Pro, but
> > > have a question regarding credit card details.
> > >
> > > From looking at the Satchmo code it looks like the full card number
> > > and CCV are stored in memcache, for 60 minutes?
> > >
> > > I was wondering is it possible to change it so that the card number and
> > > CCV are not saved in memory for so long (15 minutes seems enough time
> > > to read the order details before confirming a payment). I would also
> > > like to delete each row from the table payment_creditcarddetail for
> > > all completed payments so that absolutely no credit card data is left
> > > in the database, especially the key for retrieving card number and CCV
> > > from memcache.
> > >
> > > I am thinking of changing the line in apps/payment/models.py from:
> > >
> > > keyedcache.cache_set(key, skiplog=True, length=60*60,
> > > value=encrypted_cc)
> > >
> > > to:
> > >
> > > keyedcache.cache_set(key, skiplog=True, length=60*15,
> > > value=encrypted_cc)
> > >
> > > Similar for the CCV cache entry.
> > >
> > > I'm not sure of the best way to go about removing the rows from
> > > payment_creditcarddetail? Maybe a hook somehow for a completed payment
> > > which will delete the row with a matching orderpayment_id?
> > >
> > > Any advice would be much appreciated, thanks.
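An added example, not part of the thread and not Satchmo or keyedcache code: it shows the two measures discussed above working together, the 15-minute lifetime as an upper bound and an explicit purge as soon as a payment attempt finishes. `TTLCache`, `stash_card`, `complete_payment` and the `cc:`/`ccv:` key names are hypothetical, and purging after every attempt (not only after success) is an assumption of this sketch.

```python
import time

CARD_TTL = 60 * 15  # the 15 minutes proposed in the thread

class TTLCache:
    """Hypothetical in-memory stand-in for memcache; not keyedcache itself."""

    def __init__(self, clock=time.monotonic):
        self._clock, self._data = clock, {}

    def set(self, key, value, length):
        self._data[key] = (value, self._clock() + length)

    def get(self, key):
        value, expires = self._data.get(key, (None, 0))
        if self._clock() >= expires:
            self._data.pop(key, None)  # expired or absent
            return None
        return value

    def delete(self, key):
        self._data.pop(key, None)

def stash_card(cache, order_id, encrypted_cc, encrypted_ccv):
    cache.set(f"cc:{order_id}", encrypted_cc, CARD_TTL)
    cache.set(f"ccv:{order_id}", encrypted_ccv, CARD_TTL)

def complete_payment(cache, order_id, charge):
    """Run one charge attempt, then purge the card data whatever the outcome."""
    keys = (f"cc:{order_id}", f"ccv:{order_id}")
    cc, ccv = (cache.get(k) for k in keys)
    try:
        if cc is None or ccv is None:
            return "expired"  # customer must re-enter the card
        return "paid" if charge(cc, ccv) else "declined"
    finally:
        for k in keys:  # do not wait for the TTL to clean up
            cache.delete(k)

def demo():
    now = [0.0]  # constructed fake clock so the run needs no sleeping
    cache = TTLCache(clock=lambda: now[0])
    stash_card(cache, 1, b"<ciphertext-cc>", b"<ciphertext-ccv>")
    first = complete_payment(cache, 1, lambda cc, ccv: True)
    left_after_success = cache.get("cc:1")
    stash_card(cache, 2, b"<ciphertext-cc>", b"<ciphertext-ccv>")
    now[0] += CARD_TTL  # customer walks away for 15 minutes
    return first, left_after_success, complete_payment(cache, 2, lambda cc, ccv: True)
```

With the purge in `finally`, the TTL only matters for abandoned checkouts; completed, declined and failed attempts leave nothing behind in the cache.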
