将条纹客户ID存储在数据库中是否有危险？ [英] Is it dangerous to store in my database stripe customers ids?

问题描述

例如，如果MysQL数据库被盗，小偷可以使用Stripe客户ID向他们收费吗？

我应该将这些ID存储在数据库中吗？

谢谢。

解决方案

客户id（ cus_XXXX ）可用于向客户的卡收费，但只能使用您帐户的Secret API密钥（ sk_live_XXX ）。

在这种情况下，如果有人动手访问您的数据库，除非他们还偷走了您的API密钥，否则他们将无能为力。

将Stripe通过API返回的任何内容存储在您自己的数据库中是安全的，因为否则它们不会首先返回这些值。 此处有关PCI合规性的内容也被部分覆盖。 / p>

If my MysQL database is stolen for example, can a thief use the Stripe customers ids to charge them?

Should I store these Ids in my database or not? Store them but encrypt them?

Thanks.

解决方案

The customer id (cus_XXXX) can be used to charge a customer's card but only with your account's Secret API key (sk_live_XXX).

Someone getting their hands on your database in that situation wouldn't be able to do anything with the information unless they also stole your API keys.

It's safe to store anything that Stripe returns via the API in your own database as they wouldn't be returning those values in the first place otherwise. It's also partially covered in the documentation here about PCI compliance.

这篇关于将条纹客户ID存储在数据库中是否有危险？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！