贝宝如何确保其数据库的安全性? [英] how does paypal keep their database secure?

问题描述

首先，我不是在尝试破解贝宝.我想做的是创建一个同样安全的数据库.

first off, I am not trying to hack paypal. What I'm trying to do is to create a similarly safe database.

好，因此，如果我使用Paypal注册，我可以从我的信用卡或银行帐户(如果已设置)中将钱存入"到我的Paypal帐户中.发生这种情况时，资金将从我本人转移到贝宝.但不是真的进入我的贝宝帐户.那是我的pal pal帐户不是一个实际的物理空间，里面装有金.除非我错了，否则这里发生的是我的帐户位于贝宝服务器上的数据库表中，当我进行存款时，他们只是将余额字段"从任何值更改为+ =我的存款.因此，如果任何人都能够入侵此数据库，则只需更改余额字段"中的值，他们就可以根据需要增加其余额.

OK, so if i sign up with paypal, i can 'deposit' money into my paypal account from my credit card or from my bank account if i have that set up. When this happens money is transfered from myself to paypal. But not really into my paypal account. That is my pay pal account is not an actual physical space with gold sitting in it. Unless I am wrong, what happens here is my account is in a databse table on paypal's servers, and when I make a deposit, they simply change the 'balance field' from whatever to += my deposit. So, if anyone were to be able to hack into this db, they could increase their balance by anything they wanted simply by changing the value in the 'balance field.'

贝宝如何确保这种情况不会发生，以及您使用哪种数据库系统.我猜不是MySQL，对吗?

How does paypal go about making sure this cant happen, and what kind of db system do you tink they use. I would guess NOT MySQL, correct?

谢谢.

推荐答案

如果您要处理任何客户财务数据(即处理信用卡和/或借记卡交易)，则必须符合PCI规范.这是美国运通，Discover，JCB，MasterCard和Visa International制定的一套安全标准，如果您经过审核或有安全漏洞并且被发现不符合标准，将处以高额罚款(每月5,000至100,000美元). .为了符合PCI，还需要每90天执行一次网络安全扫描，该扫描必须由PCI SSC批准的扫描供应商进行."

If you're going to be handling any customer financial data (i.e., processing credit and/or debit card transactions), you are required to be PCI compliant. This is a set of security standards setup by American Express, Discover, JCB, MasterCard, and Visa International that imposes heavy fines ($5,000 to $100,000 per month) if you are either audited or have a security breach and are found to not meet the standards. For PCI compliance, you are also required to have a network security scan performed every 90 days which "must be conducted by a PCI SSC Approved Scanning Vendor."

尽管PCI合规性不能保证您的安全(在网络级别而非应用程序级别验证安全性更为重要)，但这至少是最低起点.此外，您的应用程序在设计时应考虑安全性，以防止SQL注入，会话劫持和其他常见安全性问题.

Although PCI compliance isn't a guarantee that you're safe (it does more to verify security at the network level, not the application level), it's at least the very least the minimum starting point. In addition, your application should be designed with security in mind to protect from SQL injection, session hi-jacking, and other common security issues.

这篇关于贝宝如何确保其数据库的安全性?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！