I added the idea to the Idea Pond, but would need a faster response. The problem is compliance with PCI-DSS standard, that requires that at no point in time the unencrypted PAN should be stored on any media. SaveSQL.dat file stores SQL statements in native form thus violating the PCI-DSS standard. Hence the company supports many credit and charge cards for several banks, SQL statements containing PAN are quite commonly used by data analysts. When setting the save SQL parameter to 0 still stores the last SQL statement to the SaveSQL.dat file. Suggestion is that the parameter 0 would really mean no SQL to be stored (I think that this is a bug) or better, that the SaveSQL.dat file would be encrypted. Because of this reason, the company is already looking for a different product.
↧