drupal信用卡安全
根据信用卡交易,drupal 提供的最佳安全功能(设置、模块)是什么?您有任何其他预防技术吗?如果可能,也请发布重要且必要的设置点。
what are the best security features (settings,modules) provided by drupal according to credit card transaction?. Do you have any additional prevention techniques .If possible post important and necessary setting points also please.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
最重要的是,根本不处理 CC 数据。。有多个支付处理器可以提供支付 API 并为您处理 CC 处理。这样,当您的数据库受到威胁时,您无需担心 PCI DSS 或逃逸的 CC#(以及由此产生的 PR 争议)。
(看起来我在这里回避了这个问题,但是每次我们自己计算流程卡的成本/让处理器来做这件事时,自己动手的方法都会带来高昂的初始成本和相当高的维护成本成本,再加上更高的风险,支付处理商会让您付出一些代价,但会减轻您的风险+PCI DSS)
Most importantly, don't handle the CC data at all. There are several payment processors which provide a payment API and handle the CC processing for you. That way, you don't need to worry about PCI DSS or about escaped CC#s (and the resulting PR brouhaha) when your database is compromised.
(it may seem I'm dodging the question here, but every time we've done a calculation of costs in process cards ourselves/have a processor do it, the roll-your-own approach would bring high initial costs and considerably higher maintenance costs, plus higher risks. OTOH, payment processor will cost you something, but takes this risk+PCI DSS off you)
如果您想使用 drupal 或任何其他技术处理信用卡交易,您需要遵守支付卡行业数据安全标准 (PCI DSS)。
If you want to handle credit cards transactions with drupal or any other technology you need to comply to the Payment Card Industry Data Security Standard (PCI DSS).
我同意皮斯克沃尔的观点。如果您不能 100% 确定自己在做什么,我认为您最好使用社区已经尝试和测试的现有代码。查看支付模块。
I agree with Piskvor. If you're not 100% sure what you're doing, I think you're better off using existing code that has been tried and tested by the community. Have a look at Pay module.