blocks|key|139023|text|不缺少愿意存储CC信息并交换令牌的处理器，您可以使用该令牌对存储的数字进行票据处理。这使您脱离了PCI遵从性，但仍然允许按需计费。根据需要存储CC的原因，这可能是一个更好的选择。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|139024|大多数公司将此称为“客户简介管理”()，实际上在收费方面相当合理。|139025|我认识的几个提供者(不按特定顺序)：|139026|Authorize.NET客户信息管理器|unordered-list-item|offset|length|139027|TrustCommerce城堡|139028|BrainTree|139029|entityMap|0|LINK|mutability|MUTABLE|url|http://www.authorize.net/solutions/merchantsolutions/merchantservices/cim/|1|http://www.trustcommerce.com/citadel.php|2|http://www.braintreepaymentsolutions.com/pci-dss-compliance/^0|0|0|0|0|K|0|0|0|F|1|0|0|9|2|0^^$0|@$1|2|3|4|5|6|7|10|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|11|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|12|8|@]|9|@]|A|$]]|$1|F|3|G|5|H|7|13|8|@]|9|@$I|14|J|15|1|16]]|A|$]]|$1|K|3|L|5|H|7|17|8|@]|9|@$I|18|J|19|1|1A]]|A|$]]|$1|M|3|N|5|H|7|1B|8|@]|9|@$I|1C|J|1D|1|1E]]|A|$]]|$1|O|3|-4|5|6|7|1F|8|@]|9|@]|A|$]]]|P|$Q|$5|R|S|T|A|$U|V]]|W|$5|R|S|T|A|$U|X]]|Y|$5|R|S|T|A|$U|Z]]]]

There's no shortage of processors willing to store your CC info and exchange it for a token with which you can bill against the stored number. That gets you out of PCI compliance, but still allows on demand billing. Depending on why you need to store the CC, that may be a better alternative.

Most companies refer to this as something like "Customer Profile Management", and are actually pretty reasonable on fees.

A few providers I know of (in no particular order):

<ul>
<li><a href="http://www.authorize.net/solutions/merchantsolutions/merchantservices/cim/" rel="nofollow noreferrer">Authorize.NET Customer Information Manager</a></li>
<li><a href="http://www.trustcommerce.com/citadel.php" rel="nofollow noreferrer">TrustCommerce Citadel</a></li>
<li><a href="http://www.braintreepaymentsolutions.com/pci-dss-compliance/" rel="nofollow noreferrer">BrainTree</a></li>
</ul>

blocks|key|1137794|text|除非您是支付处理程序，否则您实际上不需要存储任何类型的CC信息。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1137795|回顾您的需求，确实没有太多需要存储CC信息的情况。|1137796|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

Unless you are a payment processor you don't really need to store any kind of CC information.

Review your requirements, there really is not many cases where you need to store CC information

blocks|key|1137662|text|不要存储信用卡号码，而是存储散列。当您需要验证一个新数字是否与存储的数字匹配时，请获取新数字的散列，并将其与存储的散列进行比较。如果他们匹配，数字(在理论上)是相同的。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1137663|或者，您可以通过让输入卡号的用户输入密码短语来加密数据；您可以将其用作加密/解密密钥。|1137664|但是，任何能够访问您的数据库和源代码的人(即。你和你的团队会发现解密这些数据(即。修改实时代码，以便将输入到一次性Hotmail帐户的任何解密密钥电子邮件，等等)。|1137665|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|H|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|I|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|J|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|G|$]]

Don't store the credit card numbers, store a hash instead. When you need to verify if a new number matches a stored number, take a hash of the new number and compare it to the stored hash. If they match, the number is (in theory) the same.

Alternatively, you could encrypt the data by getting the user who enters the card number to enter a pass phrase; you'd use this as an encryption/decryption key.

However, anyone with access to your database and sourcecode (ie. you and your team) will find it trivial to decrypt that data (ie. modify the live code so that it emails any decryption keys entered to a disposable Hotmail account, etc).

blocks|key|138922|text|如果您存储信用卡信息，因为您不希望用户必须重新输入它，那么散列任何形式都不会有帮助。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|138923|你什么时候需要对信用卡号码采取行动？|138924|您可以将信用卡号码存储在更安全的数据库中，在主数据库中只需存储足够的信息以显示给用户，以及对卡的引用。后端系统可以更多地锁定，并使用实际的信用卡信息，仅用于订单处理。如果您愿意，可以通过某个主密码对这些数字进行加密，但是密码必须由需要获得密码的代码来知道。|138925|是的，您只是在某种程度上转移了问题，但是很多安全性更多的是为了减少攻击量，而不是消除它。如果你想消除它，那就不要把信用卡号码存储在任何地方！|138926|entityMap^0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|J|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|K|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|L|8|@]|9|@]|A|$]]|$1|F|3|G|5|6|7|M|8|@]|9|@]|A|$]]|$1|H|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|I|$]]

If you are storing the credit card information because you don't want the user to have to re-enter it then hashing of any form isn't going to help.

When do you need to act on the credit card number?

You could store the credit card numbers in a more secure database, and in the main db just store enough information to show to the user, and a reference to the card. The backend system can be much more locked down and use the actual credit card info just for order processing. You could encrypt these numbers by some master password if you like, but the password would have to be known by the code that needs to get the numbers.

Yes, you have only moved the problem around somewhat, but a lot of security is more about reducing the attack footprint rather than eliminating it. If you want to eliminate it then don't store the credit card number anywhere!

blocks|key|138880|text|如果您使用的是甲骨文，您可能对透明数据加密感兴趣。不过，只有企业许可证才能使用。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|138881|甲骨文还有加密解密的实用工具，例如工具包.|138882|至于“标准”，您感兴趣的标准是PCI+DSS标准，它描述了需要采取哪些措施来保护敏感的信用卡信息。|138883|entityMap|0|LINK|mutability|MUTABLE|url|http://www.oracle.com/technology/obe/10gr2_db_vmware/security/tde/tde.htm|1|http://download-west.oracle.com/docs/cd/A87860_01/doc/appdev.817/a76936/dbms_obf.htm|2|https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml^0|F|6|0|0|H|3|1|0|F|7|2|0^^$0|@$1|2|3|4|5|6|7|T|8|@]|9|@$A|U|B|V|1|W]]|C|$]]|$1|D|3|E|5|6|7|X|8|@]|9|@$A|Y|B|Z|1|10]]|C|$]]|$1|F|3|G|5|6|7|11|8|@]|9|@$A|12|B|13|1|14]]|C|$]]|$1|H|3|-4|5|6|7|15|8|@]|9|@]|C|$]]]|I|$J|$5|K|L|M|C|$N|O]]|P|$5|K|L|M|C|$N|Q]]|R|$5|K|L|M|C|$N|S]]]]

If you're using Oracle you might be interested in <a href="http://www.oracle.com/technology/obe/10gr2_db_vmware/security/tde/tde.htm" rel="nofollow noreferrer">Transparent Data Encryption</a>. Only available with an Enterprise license though.

Oracle also has utilities for encryption - decryption, for example the <a href="http://download-west.oracle.com/docs/cd/A87860_01/doc/appdev.817/a76936/dbms_obf.htm" rel="nofollow noreferrer">DBMS_OBFUSCATION_TOOLKIT</a>.

As for "Standards", the proper standard you are interested in is the <a href="https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml" rel="nofollow noreferrer">PCI DSS</a> standard which describes which measures need to be taken to protect sensitive credit card information.

blocks|key|139162|text|对于电子商务类型的用例(如Amazon1-Click)，可以使用用户现有的强密码加密CC+(或密钥)。假设您只存储密码的散列，那么只有用户(或者彩虹表--但是，它必须在每个用户上运行，并且如果它没有想出相同的密码--而不仅仅是一个散列相同的密码)才能解密它。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|139163|当密码更改时，您必须小心地重新加密数据，如果用户忘记了密码--但是，如果付款是由用户发起的，则这些数据将变得毫无价值(并且需要用户重新输入)。|139164|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

For an e-commerce type use case (think Amazon 1-Click), you could encrypt the CC (or key) with the user's existing strong password. Assuming you only store a hash of the password, only the user (or a rainbow table - but, it'd have to be run on each user, and would not work if it didn't come up with the same password - not just 1 that hashed the same) can decrypt it.

You'd have to take some care to re-encrypt the data when a password changes, and the data would be worthless (and need to be reentered by the user) if they forgot their password - but, if the payments are user-initiated, then it'd work nicely.

blocks|key|1137632|text|了解DB服务器和语言/平台类型将很有帮助，这样我们就可以得到更具体的信息，但是我将研究沙盒。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1137633|entityMap|0|LINK|mutability|MUTABLE|url|http://en.wikipedia.org/wiki/SHA^0|17|2|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

It would be helpful to know the DB server and language/platform types so we could get more specific, but I would be looking into <a href="http://en.wikipedia.org/wiki/SHA" rel="nofollow noreferrer">SHA</a>.

blocks|key|832088|text|我会对称加密(AES)一个安全的盐度散列(SHA-256+%2B+salt)。加盐哈希就足够了，但是加密会增加一些额外的内容，以防数据库而不是代码泄漏，届时会有用于盐渍散列的彩虹表或其他一些方法。当然，要将密钥存储在代码中，而不是数据库中。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|832089|值得注意的是，没有什么能保护你不受欺骗的队友的影响，例如，他们也可以在散列前存储日期的副本。您必须很好地管理代码存储库，并对信用卡处理路径中的所有代码进行频繁的代码修改。另外，尽量减少接收数据并对其进行加密/散列的时间，手动确保从内存中清除其存储的变量。|832090|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

I'd symmetrically encrypt (AES) a secure salted hash (SHA-256 + salt). The salted hash would be enough with a big salt, but the encryption adds a bit extra in case the database and not the code leaks and there are rainbow tables for salted hashes by then or some other means. Store the key in the code, not in the database, of course.

It's worth noting that nothing protects you from crooked teammates, they can also store a copy of the date before hashing, for instance. You have to take good care of the code repository and do frequent code revisions for all code in the credit card handling path. Also try to minimize the time from receiving the data and having it crypted/hashed, manually ensuring the variable where it was stored is cleared from memory.

A database that stores a lot of credit card information is an inevitable part of the system we have just completed. What I want though is ultimate security of the card numbers whereby we setup a mechanism to encrypt and decrypt but of ourselves cannot decrypt any given number. 

What I am after is a way to secure this information even down at the database level so no one can go in and produce a file of card numbers. How have others overcome this issue? What is the 'Standard' approach to this?

As for usage of the data well the links are all private and secure and no transmission of the card number is performed except when a record is created and that is encrypted so I am not worried about the front end just the back end.

<hr>

Well the database is ORACLE so I have PL/SQL and Java to play with.

Data Encryption

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

教程

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云智能顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云AI代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

功能1上新10个字符

功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符。

功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符。

功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符

功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符

功能4上新

文章&问答评论现已支持表情

全新交互，全新视觉，新增快捷键、悬浮工具栏、高亮块等功能并同时优化现有功能，全面提升创作效率和体验

社区富文本编辑器全新改版！诚邀体验～ 

精选全网热门MCP server，让你的AI更好用 🚀

💥开发者 MCP广场重磅上线！

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

聚焦“写作效率、视觉美观与运行性能”三方面进行全面升级，为您提供更高效、稳定的创作环境

社区富文本&Markdown编辑器全新改版上线，欢迎大家体验!

诚挚邀请您参与本次调研，分享您的真实使用感受与建议。您的反馈至关重要，感谢您的支持与参与！

社区新版编辑器体验调研

一个存储大量信用卡信息的数据库是我们刚刚完成的系统中不可避免的一部分。不过，我想要的是卡号的最终安全性，通过它，我们建立了加密和解密机制，但我们自己却无法解密任何给定的数字。我想要的是一种保护这些信息的方法，即使在数据库级别上也是如此，这样就没有人能够进入并生成一个卡片号码文件。其他人如何克服这一问题？什么是“标准”的方法？至于数据的使用，所有的链接都是保密的，除了创建记录和加密之外，不执行卡号的

问数据加密
EN

回答 8

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问数据加密EN

回答 8

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问数据加密
EN