Knowledge Base - Featured Articles

Browse all

When attempting to determine your skill at programming, it can be difficult to identify which specific issue to identify with. Keep in mind that these lessons are simply an attempt to introduce you to D8 module building. Lesson 1 attempts to teach to the middle, so module creation beginners should refer to the hints and notes for help. Advanced readers should view the hints and notes as optional and focus more on the extra credit. It is perfectly reasonable to gloss over the reading and to attempt to follow the lab goals and actions immediately and use the readings above it solely for reference.

Payment Card Industry Data Security Standard, or PCI-DSS, is an information security standard that is designed to protect credit card data from being exposed and used fraudulently. This article will answer some frequently asked questions about Acquia's compliance with this security standard.

Is Acquia’s hosting PCI-DSS compliant?

Acquia has a PCI-DSS compliant hosting environment as part of Acquia Cloud Enterprise. A Qualified Security Assessor (QSA) company performs an annual audit to verify that the Acquia platform is compliant with PCI-DSS. The Attestation of Compliance (AOC) and Report on Compliance (ROC) documents validating Acquia PCI-DSS compliance can be provided to prospective or current customers upon request.

Is Acquia immune to the BEAST browser exploit?

Acquia Cloud no longer supports RC4-based SSL cypher suites because of their known security vulnerabilities. This means that Acquia Cloud no longer includes server-side mitigation of the potential BEAST security vulnerability. However, we believe that existing client-side mitigation of BEAST is sufficient, and that the security vulnerability from RC4-based SSL cypher suites is a much more significant threat. For more information, we recommend reading Qualys Security Labs' discussion, Is BEAST Still a Threat?

In the upcoming 1.90 Acquia Cloud release, Acquia will change the default PHP error log level for the production environments of customers' websites.

Currently, Acquia maintains all PHP error logs in all website environments by default (E_ALL). This results in a large number of log entries that are often duplicated in both production and non-production environments. While these log entries can be helpful during development to identify code that needs to be tested and updated, they can actually slow down production logging and debugging due to their volume.

After the 1.90 release, the default logging for the production environment will be changed to:

E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED