Question

I have read a few articles that say in order to have a PCI compliant cloud solution you need to have a private cloud environment and cannot use Google App Engine. Is it possible to create a PCI compliant website that specifically stores credit card information and personal user data in a Google App Engine application? Please list factual, non-esoteric reasons why this may not be possible or a list of high level tasks directives that would need to and can be done by an App Engine developer.

Solution

"No matter what you do however, your hosting provider has to claim support of PCI compliance."... per @maple_shaft

Other tips

Doing PCI compliance all by yourself is woefully difficult. The details are available here.

The most common pattern for payments on App Engine is to utilize a payment gateway which bears the onus of PCI compliance.

Typically, these services provide you with an authorization token to correlate with users that you can use in order to create payments.

Popular Python Gateways

Here are some links to payment gateways to get you started.

  • Braintree, I have used this in production on app engine and it works great
  • Stripe, a new-comer to the field which looks really promising.
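
The gateway-token pattern described in the answer above, as an added example that is not part of the original answers: the app persists only the opaque token and refuses any request that carries something resembling a card number. The field name `payment_token`, the `FakeGateway` class and the sample values are assumptions constructed for illustration, not any real gateway's API.

```python
import re

# Hypothetical field name: the opaque token the gateway's client-side
# library hands back to the browser in place of the card number.
TOKEN_FIELD = "payment_token"
# 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def contains_pan(value):
    """True if the string holds something that looks like a card number."""
    for m in PAN_CANDIDATE.finditer(value):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            return True
    return False

def save_payment_method(store, user_id, form):
    """Keep only the gateway token; refuse any request carrying card data."""
    for name, value in form.items():
        if contains_pan(str(value)):
            raise ValueError("card number received in field %r; not stored" % name)
    token = form.get(TOKEN_FIELD)
    if not token:
        raise ValueError("missing gateway token")
    store[user_id] = token  # the only payment data the app persists
    return token

class FakeGateway:
    """Stand-in for a real gateway SDK (hypothetical interface)."""
    def __init__(self):
        self.calls = []
    def charge(self, token, amount_cents):
        self.calls.append((token, amount_cents))
        return {"status": "ok", "token": token, "amount": amount_cents}

def charge_user(gateway, store, user_id, amount_cents):
    """Create a payment using the stored token, never a card number."""
    return gateway.charge(store[user_id], amount_cents)
```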

It might be interesting to know that Google Cloud Platform has recently become PCI DSS certified. Since Google App Engine is built on it, I assume it should be "safe" to use it as well.

License: CC-BY-SA with attribution
Not affiliated with StackOverflow