数据加密 [英] Data Encryption
问题描述
存储大量信用卡信息的数据库是我们刚刚完成的系统的不可避免的部分。我想要的是卡号的最终安全,从而我们建立一个机制来加密和解密,但我们自己不能解密任何给定的数字。
我后面是一个方法来保护这些信息,甚至在数据库级别,所以没有人可以进去并产生一个卡号的文件。其他人如何克服这个问题? 标准方法是什么?
对于数据的使用,链接都是私密和安全的,不执行卡号的传输,除非一个记录被创建并且被加密,所以我不担心前端只是后端。
数据库是ORACLE所以我有PL / SQL和Java来玩。
没有缺乏处理器愿意存储您的CC信息并将其兑换为令牌,您可以使用该令牌对存储的号码进行计费。这使您失去PCI合规性,但仍然允许按需付费。
大多数公司将此称为客户资料,这取决于为什么需要存储CC管理,实际上费用是相当合理的。
我知道几个供应商(没有特定顺序):
- 授权.NET客户信息经理< a>
- TrustCommerce Citadel
- BrainTree
ul>
A database that stores a lot of credit card information is an inevitable part of the system we have just completed. What I want though is ultimate security of the card numbers whereby we setup a mechanism to encrypt and decrypt but of ourselves cannot decrypt any given number.
What I am after is a way to secure this information even down at the database level so no one can go in and produce a file of card numbers. How have others overcome this issue? What is the 'Standard' approach to this?
As for usage of the data well the links are all private and secure and no transmission of the card number is performed except when a record is created and that is encrypted so I am not worried about the front end just the back end.
Well the database is ORACLE so I have PL/SQL and Java to play with.
There's no shortage of processors willing to store your CC info and exchange it for a token with which you can bill against the stored number. That gets you out of PCI compliance, but still allows on demand billing. Depending on why you need to store the CC, that may be a better alternative.
Most companies refer to this as something like "Customer Profile Management", and are actually pretty reasonable on fees.
A few providers I know of (in no particular order):
这篇关于数据加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
