Requirement 6: Develop and maintain secure systems and applications
As your business needs change, you or your business partners might customize your WebSphere Commerce site. As you do so, you must ensure that the customizations do not compromise your site security. Ensure that your developers understand the requirement to develop secure systems by referring to the PA-DSS and PCI-DSS.
Note:
WebSphere Commerce starter store error pages can be configured to contain exception details that can be viewed (for development debugging purposes) when you view the source.
The error pages that can print out stack traces are:
- WC_eardir/Stores.war/GenericSystemError.jsp
- WC_eardir/Stores.war/GenericApplicationError.jsp
- WC_eardir/Stores.war/store_name/GenericError.jsp
Ensure that your production store error pages do not show the exception details - only
generic error information.
The GenericSystemError.jsp and
GenericApplicationError.jsp pages do not show exception details by default. You
do not need to update the production store pages to hide the exception details.
The GenericError.jsp page does not show exception
details by default. You do not need to update the production store pages to hide the exception
details.
Refer directly to the PCI DSS for details on this requirement.