Does anyone know if Rails 3.0 passes PCI compliance scans?
Viewed 1,221 times
3 Answers
6
Frameworks that are used are not the issue; it's the applications that are built on the framework. So essentially PCI is framework-agnostic (Rails in this case).
Just make sure you code a secure app using rails and you will be fine.

Zypher
2
I suspect that depends deeply on how you write your application on top.
I could write an application that didn't store credit card data encrypted, or was otherwise filled with security holes, and then it wouldn't be PCI-DSS compliant, regardless of the framework underneath.

Tom O'Connor
- Right, how an application is handling the data definitely influences compliance. I'm concerned about the language / framework specific DSS scan results (for example, PHP 5.2.X is regarded as non-compliant by most scanners). – Brian Oct 15 '10 at 16:55
- Yes, but the point is, no matter how secure a framework, if you've got a shite application on top, then it might as well be PHP 5.2.x – Tom O'Connor Oct 15 '10 at 17:02
- You're preaching to the choir, I agree with you. – Brian Oct 15 '10 at 17:08
- @Brian Oh, sorry.. I generally find that people are disagreeing with me :P – Tom O'Connor Oct 15 '10 at 19:40
1
I'm not sure about Rails 3.0 specifically, but the majority of Braintree's payment gateway is using Rails 2.x, and Braintree is a PCI compliant service provider.

dan-manges