Overview
This page discusses various changes in netFORUM to be certificed for Payment Application Data Security Standard (PA-DSS).
Logins
eWeb
frame
The baseline eWeb web site (and any sites that would get copied from it) includes a script that will cause any sites holding eWeb in an iFrame to make eWeb bust out of the iFrame. The rationale for this is to prevent malicious sites from hosting your own web site and impersonating your web site.
Since the CMS designer in iWeb holds the eWeb site in an iFrame, you will need to temporarily remove this script in order to work on the site in netFORUM CMS. You may then add the script back for deployment to a production environment.
To do this, do the following:
- From netFORUM iWeb, go to the CMS module.
- Navigate to any web site other than eWeb.
- From the action items, click the Classic view link.
- Now you should be in classic view instead of design view. Use the next/previous links to go to the eWeb site.
- Once you're on the eWeb site in classic view, click the Default Panes tab.
- You should see panes for Bottom, Left and Top. Click the edit pencil to edit the Top pane.
- You will see the script shown below. Comment out this script using HTML comments.
The actual script is this:
<SCRIPT LANGUAGE = javascript>
if (top.frames.length!=0)
top.location=self.document.location;
</SCRIPT>
See also
External links
- netFORUM Enterprise PA DSS Implementation Guide
- PA-DSS Requirements and Security Assessment Procedures Version 2.0 from PCI Security Standards Council, October 2010.
- Validated Payment Applications listing netFORUM validations from http://www.pcisecuritystandards.org.