Secure > Overview: WebSphere Commerce and the PCI Data Security Standard > Address the PCI Data Security Standard within WebSphere Commerce
Requirement 6: Develop and maintain secure systems and applications
As the business needs change, you or the business partners might customize the WebSphere Commerce site. As you do so, ensure that the customizations do not compromise the site security. Verify the developers understand the requirement to develop secure systems by referring to the PA-DSS and PCI-DSS.
WebSphere Commerce starter store error pages can be configured to contain exception details that can be viewed (for development debugging purposes) when you view the source.
Verify the production store error pages do not show the exception details – only generic error information. The error pages that can print out stack traces are:
- WC_EAR/Stores.war/GenericSystemError.jsp
- WC_EAR/Stores.war/GenericApplicationError.jsp
- WC_EAR/Stores.war/store_name/GenericError.jsp
Refer directly to the PCI DSS for details on this requirement.
Previous topic: Requirement 5: Use and regularly update anti-virus software
Next topic: Requirement 7: Restrict access to cardholder data by business need to know