PCI Compliance with ASP.Net Membership Provider

So if you have an ecommerce app and you used the awesome ASP.Net Membership Provider you have a working user authentication system out-of-the-box.

Now.. your customer says "Please make my site PCI Compliant"

So it seems like there are a handful of tweaks that you'll need to make, such as:

  • enforce symbols in new passwords
  • minimum password length of 7

These are easy ones, you can set them all in the web.config in the Membership Provider section.

However, a PCI requirement like:

  1. Disable inactive accounts after 90 days

It seems like you need some kind of C# script + scheduled task to handle this. Has anyone ever made a nice utility script/class that takes care of all of these extra PCI issues? It seems like a very generic script and would work on most sites.


If you are using the SqlMembershipProvider for membership, you can try out this SQL script to lock out accounts that have not logged in in 90 days.

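-- Lock accounts with no login in the last 90 days (SqlMembershipProvider stores dates in UTC)
update mydatabase.dbo.aspnet_Membership
set IsLockedOut = 1, LastLockoutDate = GETUTCDATE()
where LastLoginDate < DATEADD(day, -90, GETUTCDATE())
  and IsLockedOut = 0  -- leave already-locked accounts and their lockout date alone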
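
An added example, not part of the original answer: the same 90-day rule as a C# console program for a scheduled task, written against the provider-independent Membership API so it is not tied to the SQL schema. It assumes the program's app.config carries the same membership and connection string sections as the site; the class name, page size and log format are illustrative, and accounts are disabled through IsApproved because IsLockedOut is read-only in the API.

```csharp
// Added example (not from the original thread). Run daily from Windows Task Scheduler.
// Assumption: app.config holds the same <connectionStrings> and <membership> sections as web.config.
using System;
using System.Web.Security; // reference System.Web (plus System.Web.ApplicationServices on .NET 4 and later)

static class DisableInactiveAccounts
{
    const int InactiveDays = 90; // threshold from the requirement quoted in the question
    const int PageSize = 200;    // illustrative page size

    // Decision kept separate from the database work so the rule is easy to test.
    static bool ShouldDisable(MembershipUser user, DateTime nowUtc)
    {
        // The API returns local time; compare in UTC to avoid DST surprises.
        // LastLoginDate starts out equal to CreationDate, so never-used accounts age out too.
        DateTime lastLoginUtc = user.LastLoginDate.ToUniversalTime();
        return user.IsApproved && lastLoginUtc < nowUtc.AddDays(-InactiveDays);
    }

    static int Main()
    {
        DateTime nowUtc = DateTime.UtcNow;
        int disabled = 0, pageIndex = 0, totalRecords;
        do
        {
            // Paging is stable here: changing IsApproved does not reorder or remove users.
            MembershipUserCollection page = Membership.GetAllUsers(pageIndex, PageSize, out totalRecords);
            foreach (MembershipUser user in page)
            {
                if (!ShouldDisable(user, nowUtc)) continue;
                user.IsApproved = false;      // ValidateUser now fails for this account
                Membership.UpdateUser(user);
                disabled++;
                // Audit line: who was disabled, when, and the last login that triggered it.
                Console.WriteLine("{0:u} disabled {1} (last login {2:u})",
                    nowUtc, user.UserName, user.LastLoginDate.ToUniversalTime());
            }
            pageIndex++;
        } while (pageIndex * PageSize < totalRecords);

        Console.WriteLine("{0} of {1} accounts disabled", disabled, totalRecords);
        return 0;
    }
}
```

Redirect the program's output to a log file in the scheduled task so there is a record of which accounts were disabled and when; re-enabling an account means setting IsApproved back to true.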