在SQL数据库中存储加密的信用卡号码 [英] Storing encrypted credit card numbers in a SQL database
问题描述
我在想,最好的办法是在一个SQL数据库中存储的加密的信用卡号码的 C#(.NET框架)。我应该做手工用字符串/ SecureString的/字节数组
带有某种的对称加密
?
我听说一个替代(也可能是更容易的选择),一个服务提供商(你将交易与)会给你一个键
可用于检索交易信息。我不知道如何去了解这种方法,但这是更好的选择?我最想要的最安全和最安全的选择。我想成为的 PCI兼容和
我听说一个替代(也可能是更容易的选择),服务提供商(其中放置与交易)会给你可以用来检索交易信息的关键。
这是真实的。基本上,该方法是:
- 获取从客户/用户的信用卡信息。储存在 IN- code 变量(即不是一个文件或日志或数据库)。
- 发送信用卡信息到你的处理器(如Authorize.NET,付费软件,贝宝等)。
- 接收响应,其中包括一个令牌某种形式的。这是你的方式识别这个特殊的交易与处理器未来的通信。
- 存储在标记到数据库。加密将是很好,但不是必需的,因为令牌仅仅是指交易#12345,而本身不具备的敏感信息。
I was wondering what the best approach is to store encrypted credit card numbers in a SQL database for C# (.net framework). Should I do it manually by using String/SecureString/Byte Array
with some sort of symmetric encryption
?
I heard that for an alternative (and probably the easier option), a service provider (which you place the transaction with) will give you a key
that can be used to retrieve transaction information. I don't know how to go about this approach, but is this the better option? I want the most safest and most secure option. I want to be PCI compliant as well.
I heard that for an alternative (and probably the easier option), a service provider (which you place the transaction with) will give you a key that can be used to retrieve transaction information.
This is true. Basically, the process is:
- Get credit card information from customer / user. Store in in-code variable (i.e. not a file, or a log, or a database).
- Send credit card information to your processor (such as Authorize.NET, Payware, Paypal, etc).
- Receive a response which includes a "token" of some sort. This is the way you identify this particular transaction for future communications with the processor.
- Store the token into your database. Encryption would be nice, but not necessary, since the token simply refers to "Transaction #12345", and has no sensitive information by itself.
这篇关于在SQL数据库中存储加密的信用卡号码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!