通过电子邮件发送安全信息的最佳做法? [英] Best practice to send secure information over e-mail?
问题描述
我必须将从用户输入的网站收集的敏感信息(姓名,地址,社会保险号等)发送到电子邮件地址。
I have to send sensitive information (name, address, social security number etc.) collected from a website, that has been entered by a user, to an e-mail address.
使信息安全且容易在接收端提取的最佳方法是什么?
What is the best course of action to make the information secure and easy to extract on the receiver side?
编辑:我将使用ASP.NET作为网站,不知道该功能对此有何影响。
I will be using ASP.NET for the website, not sure what it has for capabilities on this matter.
编辑:如果我决定将信息存储在数据库中,并且只有在新的条目生成时才发送邮件,这会更好吗?并创建一些安全的方式来转储信息。
If I decide to store the information in a database and just send a mail when a new entry has been made, would this be better? And create some secure way to dump the information instead.
推荐答案
最好的方法是以另一种方式运行,快速。重新设计您的应用程序,使其不会启用身份窃取。
The best course of action would be to run the other way, fast. Redesign your application so that it doesn't enable identity theft.
您可以使用S / MIME或PGP向大多数非Web电子邮件客户端发送安全电子邮件,但是需要大量设置:收件人必须具有证书,您必须为每个收件人获取正确的证书。
You can use S/MIME or PGP to send secure email to most non-Web email clients, but it takes a lot of set up either way: the recipient has to have a certificate, and you have to get the right certificate for each recipient.
作为一个更好的设计的例子,考虑一个邮件收件人的通知,然后返回到网站,通过SSL安全验证后查看信息。
As an example of a better design, consider one where the recipient is mailed a notification, and then returns to the web site to view the information after authenticating securely over SSL.
虽然它有助于减少收件人所需的系统的复杂性,但更大的胜利是它加强了对敏感信息的分发和保留的控制,并有助于审核对该信息的访问。通过电子邮件发送给他人,使他们更容易将其不安全地永久存储,或将其转发给未经授权的收件人。
While it helps to reduce the complexity of the system needed by the recipient, the bigger win is that it strengthens control over the distribution and retention of the sensitive information, and aids in auditing the access to that information. Sending someone an email makes it that much easier for them to store it unsafely, forever, or forward it to unauthorized recipients.
这篇关于通过电子邮件发送安全信息的最佳做法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
