Security Basics mailing list archives

Re: Re: PCI question - anonymous users from uploading files


From: evilwon12 () yahoo com
Date: 15 Jan 2008 20:04:30 -0000

-Internal or external users?
-What type of data are we talking about?
-Who can access/use the data?
-Can the anonymous users download data from the same site as well?
-Is this upload site on an internal, external or DMZ machine?

I'm sure there are several other questions that can be asked; those are the immediate ones that came to my mind in 30 seconds.

With the information given, there is no way to give you a yes or no answer and be 100% correct.

As an example, if this machine is completely isolated from your PCI environment, this may be a mitigating factor in your favor.

Again, I do not know the purpose of the file uploads, the machine that they are being placed on, or where the machine is in relation to your network. Thus, I cannot make any assessment of your situation.

