Data Encryption

后端 未结 8 2122
挽巷
挽巷 2021-02-14 10:05

A database that stores a lot of credit card information is an inevitable part of the system we have just completed. What I want though is ultimate security of the card numbers w

8条回答
  •  南笙
    南笙 (楼主)
    2021-02-14 10:21

    For an e-commerce type use case (think Amazon 1-Click), you could encrypt the CC (or key) with the user's existing strong password. Assuming you only store a hash of the password, only the user (or a rainbow table - but, it'd have to be run on each user, and would not work if it didn't come up with the same password - not just 1 that hashed the same) can decrypt it.

    You'd have to take some care to re-encrypt the data when a password changes, and the data would be worthless (and need to be reentered by the user) if they forgot their password - but, if the payments are user-initiated, then it'd work nicely.

自定义标题
段落格式
字体
字号
代码语言
提交回复
热议问题