We have a single-dialog application written using Windows Forms in .NET with C#.
The application is for payment processing purposes - it gets payment commands on COM port
and sends transactions for processing to the payment processor.
We're certifying this application against PCI's PA-DSS. There are a couple of requirements in the certification outline that our application presently does not meet.
1. User management and authentication
We need to meet the following specific requirements:
Require unique usernames for all users
Require passwords for authentication
Require password changes every 90 days
Require password to have at least 7 characters
Require alphanumeric passwords
Prevent reuse of the prior 4 passwords
Lock out accounts after 6 invalid login attempts
Lock out accounts for at least 30 minutes
Time out accounts and require password reentry after 15 minutes or less
The following approach is strongly suggested:
-Introduce a database (a free one like SQL Server Express) which contains authentication information for the application's users.
-Add a (modal?) dialog that blocks user intervention of the main payment application window. The user would have to enter his/her username and password to remove this dialog to tamper with the application.
-Add the ability to add/remove users. This could be done through another dialog which is invoked through a menu item in the payment application (once a user logs in).
2. Logging
PA-DSS requires the logging of certain events. You should use the same database from part 1 and log stuff into it.
The following events need to be logged:
1. Payment application log-on (the user that tried to log on, and was the attempt successful?)
2. User management (what users were added/removed and by whom)
-DB access trail. I've been led to understand that in Windows (or SQL Server) you can flip some switch so that Windows (or SQL Server) tracks when the DB is accessed in general. Note: This doesn't need to be done through the application - you just need to enable this. This trail isn't logged into the database.
Also, full read/write connections to the database should be accepted using the same credentials that are used to log onto the payment application.
You also need to give me API or ability to insert stuff into the DB as I have to log a few things deep within application.
You will be given source code for the application. This must be developed for Windows 7 and must work on Windows 7 Starter edition.
You must speak English and be willing to talk on Skype.
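The user-management rules listed above (7-character minimum, alphanumeric, no reuse of the prior 4 passwords, 90-day expiry, 30-minute lockout after 6 invalid attempts), as an added C# example that is not part of the posting or of any bid. `UserAccount`, `AccountPolicy`, the salted PBKDF2 storage format and its iteration count are assumptions, as is a .NET Framework 3.5 or later target; the 15-minute idle timeout belongs in the UI layer and is not shown.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

public class UserAccount // hypothetical record: one row of the users table
{
    public List<string> History = new List<string>(); // "salt:hash" in Base64, newest first
    public DateTime PasswordSetUtc;
    public DateTime? LockedUntilUtc;
    public int FailedAttempts;
}

public static class AccountPolicy
{
    const int MinLength = 7, HistoryDepth = 4, MaxFailures = 6;
    static readonly TimeSpan MaxAge = TimeSpan.FromDays(90), Lockout = TimeSpan.FromMinutes(30);
    static string Hash(string password, byte[] salt)
    {
        byte[] key = new Rfc2898DeriveBytes(password, salt, 100000).GetBytes(20); // PBKDF2, assumed work factor
        return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(key);
    }
    static bool Matches(string password, string stored)
    {
        string actual = Hash(password, Convert.FromBase64String(stored.Split(':')[0]));
        int diff = actual.Length ^ stored.Length; // compare every character, no early exit
        for (int i = 0; i < actual.Length && i < stored.Length; i++) diff |= actual[i] ^ stored[i];
        return diff == 0;
    }
    public static string TrySetPassword(UserAccount u, string candidate, DateTime nowUtc)
    {
        if (candidate == null || candidate.Length < MinLength) return "fewer than 7 characters";
        if (!candidate.Any(char.IsLetter) || !candidate.Any(char.IsDigit)) return "not alphanumeric";
        if (u.History.Take(HistoryDepth).Any(h => Matches(candidate, h))) return "reuses a recent password";
        byte[] salt = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(salt);
        u.History.Insert(0, Hash(candidate, salt));
        u.PasswordSetUtc = nowUtc;
        return null; // null means the password was accepted
    }
    public static bool TryLogin(UserAccount u, string password, DateTime nowUtc, out bool mustChange)
    {
        mustChange = false;
        if (u.LockedUntilUtc.HasValue && nowUtc < u.LockedUntilUtc.Value) return false; // still locked out
        bool ok = u.History.Count > 0 && Matches(password, u.History[0]);
        if (ok) { u.FailedAttempts = 0; mustChange = nowUtc - u.PasswordSetUtc >= MaxAge; }
        else if (++u.FailedAttempts >= MaxFailures) { u.LockedUntilUtc = nowUtc + Lockout; u.FailedAttempts = 0; }
        return ok;
    }
}
```

Passing the clock in as `nowUtc` lets the lockout and expiry rules be exercised without waiting; every `TryLogin` result is also the event the logging requirement asks to record.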
I can deliver this application on time with quality. I am an expert in .NET 1.1/2.0/3.5/4.0, C#, ASP.NET and SQL Server and a Microsoft certified professional in C#.NET
Dear Sir,
We are a team of developers involved in web and windows applications.
We have skilled developer for C# application development and understood your requirement fully.
We are ready to start immediately.
Please view your PM.
Regards
Hello,
I can do this project for you in very fashion manner and I am sure you will like our work. We are a .NET company that consists of 7 developers of which 3 are professional C# programmers. We are working with two Canadian companies already for which we are ready to provide you contact information so you can ask about our work. Thank you.
I am a system engineer with almost more than 5 years developing small and enterprise applications...
I'd like to work for you on this project; you only need to tell me when you want to start.
We are a professional team located in China and we have developed projects for Microsoft, Apple, Blizzard, Autodesk and other companies all around the world. We will make your project a successful one.