English 中文(简体)
如果网站所有者窃取付款网关信息,那么使用付款网关是否安全?
原标题:If the website owner steals the payment gateway information then is it safe to use a payment gateway?

我正在整合一个付款网关;这是我第一次将付款网关功能整合到系统中,

由于我成功地整合了它,但我看到用户必须输入以下数值才能购买他的物品,交易代号被退回。

    //post_values.Add("x_card_num", "4111111111111111");
    //post_values.Add("x_card_num", CreditCard);
    //post_values.Add("x_exp_date", "0115");
    ////post_values.Add("x_amount", "19.99");
    ////post_values.Add("x_amount", );
    ////post_values.Add("x_description", "Sample Transaction");
    //post_values.Add("x_amount", txtAmout.Text);

    //post_values.Add("x_description", txtDesc.Text);

    ////post_values.Add("x_first_name", "John");
    ////post_values.Add("x_last_name", "Doe");
    ////post_values.Add("x_address", "1234 Street");
    ////post_values.Add("x_state", "WA");
    ////post_values.Add("x_zip", "98004");
    //post_values.Add("x_first_name", txtFName.Text);
    //post_values.Add("x_last_name", txtFName.Text);
    //post_values.Add("x_address", txtAddr.Text);
    //post_values.Add("x_state", txtState.Text);
    //post_values.Add("x_zip", txtZip.Text);

这些价值只是固定了他的交易和购买物品,所以我的困惑是,如果网站所有者将所有这些信息输入他的数据库,并使用他的细节进行更多的交易,那又怎样呢?它是否安全可靠,或者我无法理解的其他事情发生?

最佳回答

网站所有者可以将所有信息输入他的数据库, 如果交易模式出现在网站上, 所以我和我想其他多数人要么从信任网站进行交易,

问题回答

以下是以下一些基本准则:

  1. Keep all information in your database except for the credit number. Never keep the credit number unless you feel that your encryption systems are safe.
  2. Store Authorize.net successful or failed transactions
  3. You need to create a transaction table where you will create a new line for each transaction, regardless of being the same user, or transaction result.
  4. Encrypt some portions of the transaction: Address is good thing to encrypt. This will avoid identity theft if you ever get hacked.
  5. Make sure all user passwords are hashed
  6. Store the Web Site Database connection encrypted as well
  7. Communicate with the database using only stored procedures. This should avoid SQL injection, if the stored procedures are built correctly.

感谢澄清。 我目前正在研究一个以同样方式使用 PayPal 的项目。 我们只将授权代码和交易编号存储在数据库中 。

在我看来,30秒左右的时间里,用户通过存储信息而节省下来,这不值得与存储信息相关的风险。 如果你再次重复交易,供应商会为你安全地存储信息(至少是PayPal),因此没有真正的理由将信用卡信息存储在您的系统中。

[EDIT] Imran指出,将数字的最后4位数储存在报告上是好的。

你无法阻止DB所有人滥用信息,如果他们重新储存信息而不与您的信用卡公司联系并举报欺诈性收费。 支付网关除了确保交易来自其授权客户之一(即有权使用支付网关的客户)之外,不知道是谁输入了支付细节。





相关问题
Anyone feel like passing it forward?

I m the only developer in my company, and am getting along well as an autodidact, but I know I m missing out on the education one gets from working with and having code reviewed by more senior devs. ...

How to Add script codes before the </body> tag ASP.NET

Heres the problem, In Masterpage, the google analytics code were pasted before the end of body tag. In ASPX page, I need to generate a script (google addItem tracker) using codebehind ClientScript ...

Transaction handling with TransactionScope

I am implementing Transaction using TransactionScope with the help this MSDN article http://msdn.microsoft.com/en-us/library/system.transactions.transactionscope.aspx I just want to confirm that is ...

System.Web.Mvc.Controller Initialize

i have the following base controller... public class BaseController : Controller { protected override void Initialize(System.Web.Routing.RequestContext requestContext) { if (...

Microsoft.Contracts namespace

For what it is necessary Microsoft.Contracts namespace in asp.net? I mean, in what cases I could write using Microsoft.Contracts;?

Separator line in ASP.NET

I d like to add a simple separator line in an aspx web form. Does anyone know how? It sounds easy enough, but still I can t manage to find how to do it.. 10x!

热门标签