Today I received an email from Miva Merchant re: IMPORTANT AND CRITICAL UPDATE FOR ALL 5.5 STOREOWNERS. I'm sure everyone with a Miva store got it.
Although I've upgraded the software, I looked at the PA-DSS checklist within the store and we are passing only 6 out of 21 items.
What are the consequences of not meeting these requirements?
Some items on the list seem pretty simple. But with some, I'm afraid of a cascading effect where you change one thing and soon learn that it has effected something else.
It looks like some items are things that WestHost would have to do. Here are some from the list that failed that pertain to WestHost:
1) We need Miva Empresa Version v5.07 when it's currently 5.06.
2) The primary database should not be located on the web server (my site is "localhost")
3) Primary database should be password encrypted (mine failed, not sure if that's an easy fix)
4) Private keys stored in secondary database
5) Private key database on different server than primary database
6) Private key database password encrypted
7) All users passwords SHA-1 encrypted