重定向后获取模型 - 数据存储方法和方法PCI 合规性
我的问题是在我的表单上使用 PRG 模式时如何在重定向期间保留数据。具体来说,我想在电子商务应用程序中使用它。我有三个通过重定向存储数据的选项,我对每个选项都有顾虑。我希望你们能够帮助我解决这个问题:
1.) 在 URL 字符串中存储数据
我可以将数据存储为在 URL 中传递的加密字符串。这很好,因为我不必存储信用卡信息,但我担心(也许我是错的)Google Analytics 可能会导致信用卡信息(尽管已加密)被索引并显示在搜索结果中。希望我在这个问题上是错误的,并且可以使用这种方法,因为它是最简单的。
2.) 在会话中存储数据
我可以将数据存储在会话中,但我担心某些用户将无法使用会话,因为 cookie 被禁用,这会限制应用程序的实用性。此外,我将在会话中存储加密的信用卡信息,并且 PCI 合规性表示在任何情况下都不允许我存储 CVV。
3.) 将数据存储在数据库中
我可以将数据存储在数据库中,这将解决我对会话的兼容性问题——但我仍然面临在任何情况下都不允许存储 CVV 号的问题。
看来使用 PRG 模式时,通过 URL 传递信息是最好的方法。我只是担心页面中的 Google Analytics 可能会索引 URL 中的查询字符串。尽管查询将是信用卡信息的加密且不可读的形式,但我仍然不希望它出现在任何内容上。希望我对 Analytics 会存储和索引该信息的看法是错误的。
请指教,谢谢您的帮助。
My question is on how to preserve data during the redirect when using the PRG Pattern on my forms. Specifically, I'm wanting to use this in an ecommerce application. I have three options of storing the data over the redirect, and I have concerns with each. I'm hoping you guys may be able to help me work through this issue:
1.) Store Data in URL String
I can store the data as an encrypted string passed in the URL. This is great in that I don't have to store credit card information, but my worry is that (and maybe I'm wrong) Google Analytics might cause the credit card information, though encypted, to be indexed and show up in search results. Hopefully I am wrong in this concern and can use this method, since it's the easiest.
2.) Store Data in Sessions
I could store the data in a session, but I'm worried some users won't be able to use sessions because of cookies being disabled, which would limit the usefulness of the application. Additionally, I would be storing encrypted credit card information in the session and PCI Compliance says that I am not allowed to store the CVV under any circumstances.
3.) Store Data in Database
I could store the data in a database, which would solve the compatibility concern I have with sessions -- but I'm still left with the problem of not being allowed to store CVV numbers under any circumstances.
It seems that passing information through the URL is the best method when using the PRG pattern. I'm just worried that Google Analytics in the page might index the query string in the URL. Even though the query would be an encrypted and unreadable form of the credit card information, I still wouldn't want that to show up on anything. Hopefully I am incorrect in thinking Analytics would store and index that information.
Please advise, thanks for your help.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
Ley 说您通过 URL 传递信用卡信息。
爬虫可以使用 CVV 索引页面的唯一方法是用户在提交帖子后重定向到的 URL 以某种方式泄露。您说您对 URL 中传递的信用卡信息进行了加密,但如何完成此操作的细节至关重要。
如果您只是使用相同的密钥对所有内容进行加密,然后在请求页面时解密 URL 信息并将其显示给用户进行确认,那么这肯定是不够的。例如,仅允许确认页面显示一次仍然不够,因为没有那么多 CVV 号码,任何用户都可以轻松尝试所有组合并查看它们加密的内容。所以我什至没有考虑复杂的 cryptanalisys 解决方案。
我认为可以做到这一点的一种可能方法是生成一个长随机密钥(或者只要您正在加密的信息;因为它不是那么多数据,在这种情况下您可以使用对称加密),用该密钥,并将该密钥设置为客户端上安全且短暂的 cookie(当然,全部通过 https)。这样,即使 URL 泄露,也只有该用户能够解密信用卡信息。
这也解决了您可能在 Web 服务器中记录请求的问题;由于很少记录 cookie,因此检查日志也不足以检索信用卡信息。
Ley's say you pass the credit card information through the URL.
The only way crawlers could index a page with the CVV is if the URL the user was redirected to after post submissions somehow leaked. You say you encrypt the credit card information passed in the URL, but the details of how this is done are crucial.
If you just encrypt everything with the same key and just decrypt the URL information when the page is requested and show it to the user for confirmation, it's certainly not enough. It would still not be enough to e.g. allow that confirmation page to be displayed only once – since there are not that many CVV numbers, any user can trivially try all the combinations and see what they encrypt to. So I'm not even considering complex cryptanalisys solutions.
A possible way I see this could be done would be to generate a long random key (or as long as the information you're encrypting; since it's not that much data and you can use symmetric encryption in that case), encrypt the data with that key, and set that key as a secure and short-lived cookie on the client (all over https, of course). That way, even if the URL leaks, only that user will be able to decrypt the credit card information.
This also solves the problem that you may be logging the requests in your web server; since very rarely are cookies logged, an examination of logs will also be insufficent to retrieve the credit card information.
对您将传递此信息的页面禁用 Google Analytics,并确保您在所有包含该信息的页面上都有证书。使用一些基本的加密可能也是值得的。
如果您要发送 URL,您可以执行以下操作,这将为您提供额外的安全层:
Disable Google Analytics for the pages where you'll be passing this information and make sure you have a cert on all pages which have the information. It's probabaly worth you using some basic encryption too.
Here's what you could do if you're going to send in the URL, it'll give you an extra layer of security: