We have a single-dialog application written using windows forms in .Net with C#.
The application is for payment processing purposes - it gets payment commands on COM port
and sends transactions for processing to the payment processor.
We're certifying this applications against PCI's PA-DSS ([url removed, login to view]). There are a couple of requirements in the certification outline that our application presently does not meet.
1. User management and authentication
We need to meet the following specific requirements:
Require unique usernames for all users
Require passwords for authentication
Require password changes every 90 days
Require password to have at least 7 characters
Require alphanumeric passwords
Prevent reuse of the prior 4 passwords
Lock out accounts after 6 invalid login attempts
Lock out accounts for at least 30 minutes
Time out accounts and require password reentry after 15 minutes or less
The following approach is strongly suggested:
-Introduce a database (free one like SQL server express) which contains authentication information for the application's users.
-Add a (modal?) dialog that blocks user intervention of the main payment application window. The user would have to enter his/her username and password to remove this dialog to tamper with the application.
-Add ability to add/remove users. This could be done through another dialog which is invoked through a menu item in the payment application (once a user logs-in).
PA-DSS requires the logging of certain events. You should use the same database from part 1 and log stuff into it.
The following events need to be logged:
1. Payment application log-on (the user that tried to log on, and was the attempt successful?)
2. User management (what users were added/removed and by whom)
-DB access trail. I've been lead to understand that in Windows (or SQL server) you can flip some switch so that windows (or SQL server) tracks when the DB is accessed in general. Note: This doesn't need to be done through the application - you just need to enable this. This trail isn't logged into the database.
Also, full read/write connections to the database should be accepted using the same credentials that are used to log onto the payment application.
You also need to give me API or ability to insert stuff into the DB as I have to log a few things deep within application.
You will be give source code for the application. This must be developed for Windows 7 and must work on Windows 7 Starter edition.
You must speak English and be willing to talk on Skype.
36 freelancers are bidding on average $499 for this job
I can deliver this application on time with quality. I am expert in .NET 1.1/2.0/3.5/4.0, C#, ASP.NET and SQL Server and Microsfot certified professional in C#.NET
Hi there.I have worked on many applications that work in similar manner.I have many enhancements plans for [login to view URL] check your PMB for further information