
  • Sasa Popovic 77 posts 367 karma points
    Oct 06, 2010 @ 15:43
    Sasa Popovic
    1

    ImageGen and Payment Card Industry (PCI) Data Security Standards (DSS)

    Hello to author(s) of ImageGen,

    I would first like to say that my colleagues and I see ImageGen as a great product and we used it on several projects so far.

    Yesterday we got a message from one of our customers who would like to have their website compliant with Payment Card Industry (PCI) Data Security Standards (DSS). This would allow them to support VISA and other credit card payments on their website. Their website is built on top of Umbraco CMS and it is using ImageGen heavily. Our customer got a test report from a company that is doing compliancy tests and the report shows that ImageGen is breaking a critical rule.

    EDIT BY DROBAR - removed details of how to introduce a security vulnerability.

    Please notice that I put there a relative URL.

    Would it be possible for you to make and release a new version of the ImageGen on short notice and to have a fix for this issue in that new version?

    If possible, when can we expect to see the new version/fix?

    Please let me know if I can be of any help (if you need more info, etc).

    Best regards,
    Sasa Popovic
    Vega IT Sourcing

  • Douglas Robar 3570 posts 4670 karma points MVP 6x admin c-trib
    Oct 06, 2010 @ 15:54
    Douglas Robar
    0

    Hi, Sasa,

    I'm very close to releasing v2.5, which fixes the vulnerability as well as adds new features and fixes a few bugs. At the moment I'm doing final QA and documentation.

    Contact me through my website and I can give you a beta version to resolve the problem immediately if that is necessary. http://www.percipientstudios.com/about/contact.aspx

    cheers,
    doug.

     

  • Sasa Popovic 77 posts 367 karma points
    Oct 07, 2010 @ 10:02
    Sasa Popovic
    0

    I just want to say that I got a very quick and helpful reply from Douglas.

    I wanted to mark his reply as a helpful reply but I was not able to do that because of low karma.

    Keep up the good work, Doug.

  • Sasa Popovic 77 posts 367 karma points
    Oct 13, 2010 @ 16:09
    Sasa Popovic
    0

    For forum admins:

    I just got a reminder from this forum. It says the following:

    We noticed that the topic ‘ImageGen and Payment Card Industry (PCI) Data Security Standards (DSS)’  you created in the Umbraco Community Forum does not have a post marked as a solution.
    If a post helped answer your question or resolve your issue please mark it as a solution so others can quickly find it.  You can view the topic and any posts here
    http://our.umbraco.org/projects/website-utilities/imagegen/imagegen-bugs/13320-ImageGen-and-Payment-Card-Industry-(PCI)-Data-Security-Standards-(DSS).


    Thank You from the Umbraco Community!

    I already wrote above that I can't mark a reply as solution because of my "karma". I get the following message when I try to do it:

    You cannot vote yet

    You need at least 70 karma points to be able to rate items on our.umbraco.org
    You gain karma points every time you do something constructive, like answering topics on the forum, or starting new ones or publishing your work as a project

  • Sasa Popovic 77 posts 367 karma points
    Dec 02, 2010 @ 22:37
    Sasa Popovic
    0

    Did anyone look into the above-mentioned issue and can I do anything about it?

  • Douglas Robar 3570 posts 4670 karma points MVP 6x admin c-trib
    Feb 14, 2011 @ 17:03
    Douglas Robar
    1

    The potential XSS exploit has been resolved with ImageGen 2.5.

    cheers,
    doug.

  • Sasa Popovic 77 posts 367 karma points
    Feb 14, 2011 @ 17:28
    Sasa Popovic
    1

    Good work, thx Doug!

    Regards,
    Sasa
