简体繁体 English

将银行信息存储在数据库中的最佳做法

[英]Best practices for storing bank information in a database

原文 2009-02-27 21:11:44 1 9 php/ mysql/ mcrypt

Summary of answers: 答案摘要：
Don't do it. 不要这样做。 The legal and financial implications will be disastrous. 法律和财务方面的影响将是灾难性的。 Look for established third party solutions or hire an expert. 寻找既定的第三方解决方案或聘请专家。 Never store any sensitive information on a shared server. 切勿在共享服务器上存储任何敏感信息。 Research for the most appropriate encryption mechanism. 研究最合适的加密机制。

I am buiding a website for a customer that needs to store his clients' bank info (routing + account number) in the db for direct deposit. 我正在为一个客户建立一个网站，该网站需要将客户的银行信息（路由+账号）存储在数据库中以进行直接存款。 Here are some specifics: 以下是一些细节：

1) The website will initially be on a shared hosting server (this is my first concern). 1）该网站最初将位于共享托管服务器上（这是我首先关注的问题）。
2) I am using PHP/MySQL. 2）我正在使用PHP / MySQL。
3) I plan on using mcrypt. 3）我打算使用mcrypt。
4) The key will be located outside the web root. 4）密钥将位于Web根目录之外。

Please let me know your thoughts. 请让我知道你的想法。 If possible, please provide me with some resources on ACH processing. 如果可能的话，请向我提供有关ACH处理的一些资源。

Thanks! 谢谢！

EDIT: I expected such response as I am terrified of security issues out there also. 编辑：我期待这样的回应，因为我也害怕安全问题。 I have expressed my concern to my customer and this will be a good support. 我向客户表达了我的担忧，这将是一个很好的支持。

EDIT 2: Will walk away from this. 编辑2：将离开这一点。 Was not happy with the idea in the first place! 首先对这个想法不满意！ Will investigate PayPal's Mass Payment API. 将调查PayPal的批量支付API。

9 个解决方案

I think you can solve this problem without storing any bank information yourself through using something like Paypal's Mass Payment API . 我认为你可以通过使用像Paypal的Mass Payment API这样的东西自己存储任何银行信息来解决这个问题。 That way, your client can pay people, and PayPal stores all the information so you don't have to. 这样，您的客户可以向人们付款，而PayPal会存储您不必的所有信息。

If you want to read about all of the steps you need to take to even have a remote possiblity of securing your client's sensitive financial data, google ' PCI Compliance ' 如果您想了解您需要采取的所有步骤，甚至可以远程保护客户的敏感财务数据，谷歌的“ PCI合规性 ”

If you're not deathly afraid of storing financial data online, you're horribly naive. 如果你不是害怕在网上存储财务数据，你就会非常天真。

1) The website will initially be on a shared hosting server (this is my first concern). 1）该网站最初将位于共享托管服务器上（这是我首先关注的问题）。 --REALLY BAD. - 特别糟糕。 Not having absolute administrative control over the server, and be able to keep other people out is a really big problem. 没有对服务器的绝对管理控制，并且能够让其他人离开是一个非常大的问题。

I would be really concerned that you're directly accessing the database from the front end web server. 我真的担心你是从前端Web服务器直接访问数据库。 That's a big no-no with financial data. 对于财务数据来说，这是一个很大的禁忌。

Even if you have the strongest encryption algorithm ever, what's to prevent someone from hijacking your system and using it to decrypt the data for them. 即使您拥有最强大的加密算法，还有什么可以阻止某人劫持您的系统并使用它来解密数据。 They won't need the key, they'll just need your application to do the work for them. 他们不需要密钥，他们只需要您的应用程序为他们完成工作。 This is assuming you're using a single key to encrypt and decrypt the data or you are retrieving the data from the db to show to the users of the system. 这假设您使用单个密钥来加密和解密数据，或者您正在从数据库中检索数据以向系统用户显示。

Ok here's the thing. 好的，这就是事情。 If you have to ask these questions, you don't have the technical expertise to do this correctly. 如果您不得不提出这些问题，那么您没有正确的技术专业知识。 I'm not trying to sound mean, it's just a fact. 我不是说听起来很卑鄙，这只是一个事实。 I would go work with a group of seasoned people who do this professionaly first. 我会和一群经验丰富的人一起工作，他们首先做这个职业。 There will be a lot of things that aren't mentioned here that will need to be taken into consideration. 这里有很多未提及的事情需要加以考虑。 there' a lot of stuff about security that isn't written down per se. 有很多关于安全性的东西本身没有写下来。 Things that you won't pick up on from reading a book. 你读书时不会接受的东西。 This is a really hard thing to build, becuase there are big rewards to people who break into financial systems. 这是一个非常难以建立的事情，因为那些闯入金融系统的人有很大的回报。

Don't do it. 不要这样做。

Bu, if you have to, use public/private key crypto. 如果必须，请使用公钥/私钥加密。 Store and use only the public key to encrypt the data going into the database. 仅存储和使用公钥来加密进入数据库的数据。 Store the private key in a secure location (meaning: not the hosted server, but a "secure" local machine with appropriate access controls). 将私钥存储在安全位置（意味着：不是托管服务器，而是具有适当访问控制的“安全”本地计算机）。 When necessary, download the data to the local machine, use the private key to decrypt it, and away you go. 必要时，将数据下载到本地计算机，使用私钥解密，然后离开。

But seriously, find a way to avoid doing this if you possibly can. 但严重的是，如果可能的话，找到一种避免这样做的方法。

Talk to a lawyer about your potential liabilities before continuing. 在继续之前，请向律师咨询您的潜在责任。 Having personal banking data stored on a shared-hosting server has danger written all over it. 将个人银行数据存储在共享托管服务器上会产生危险。 You have no control over who can ultimately get their hands on the data. 您无法控制谁最终可以获取数据。

Of additional concern is it's not your customer's data, it's your customer's client's data! 另外一个问题是它不是您客户的数据，而是您客户的客户数据！ You might be able to make an agreement with your customer to indemnify you, but not when their clients are involved. 您或许可以与您的客户达成协议以赔偿您，但不能在客户参与时进行赔偿。 Once data is compromised, they'll turn right back to you with clients breathing down their neck in tow! 一旦数据受到损害，他们就会立即回到您的身边，让客户全身心投入！

For banking info, your server should be in their control not shared. 对于银行信息，您的服务器应该在他们的控制之下而不是共享。

Also, mcrypt isn't very secure. 此外，mcrypt不是很安全。 I know it's built in but I would suggest something that isn't so hackable such as RSA. 我知道它是内置的，但我会建议一些不那么具有攻击性的东西，比如RSA。 If someone does get a hold of the information, they shouldn't be able to hack it without a private key. 如果有人确实掌握了这些信息，那么他们就不应该在没有私钥的情况下破解它。

I was facing a similar situation like you, and solved it this way. 我遇到了和你一样的情况，并以这种方式解决了。

Since you will not be doing ACH processing, find out if the ACH processing API has the ability to create a customer. 由于您不会进行ACH处理，因此请确定ACH处理API是否具有创建客户的能力。
If yes, this customer object, will normally include account number, routing number, etc, and store the token in your database. 如果是，则此客户对象通常包括帐号，路由号等，并将令牌存储在您的数据库中。 (So when the user gives his info, you pass it straight to your ACH processor over HTTPS, and save the token). （因此，当用户提供他的信息时，您可以通过HTTPS直接将其传递给ACH处理器，并保存令牌）。
Whenever you have to debit their account, pass this token to the processor, and that's it!! 每当您必须从他们的帐户扣款时，将此令牌传递给处理器，就是这样！

This way, you are not saving any account and routing numbers on your database, and even if someone hacks the DB, they just see token's, which is pretty useless - they can't do anything with it, as it is ACH processor specific. 这样，您就不会在数据库中保存任何帐号和路由号码，即使有人攻击数据库，他们也只看到令牌，这是无用的 - 他们无法对其进行任何操作，因为它是ACH处理器特定的。

I've done similar for credit cards using Stripe. 我使用Stripe的信用卡做了类似的事情。

Good luck! 祝好运！

I agree with the others - this is a very bad idea. 我同意其他人的意见 - 这是一个非常糟糕的主意。

Dedicated servers can be had for between $79-$99 a month, if that's not affordable, I really would wonder why they're processing bank information to begin with. 专用服务器的月租金可能在79美元到99美元之间，如果不能负担得起，我真的很想知道他们为什么要开始处理银行信息。 The preferred way would be to have the database seperate from the web box in this instance as well. 首选方法是在此实例中使数据库与Web框分开。 Preferably with some firewalls and other protection between them (that is, 2 firewalls, one in front of the web server, and one between the web server and the database). 最好在它们之间有一些防火墙和其他保护（即2个防火墙，一个在Web服务器前面，一个在Web服务器和数据库之间）。

But anything would be better than using shared hosting. 但是任何东西都比使用共享托管更好。 I mean, you can connect right to SQL server and see all the available databases - how easy would it be to jump right in with minimal hacking? 我的意思是，你可以直接连接到SQL服务器并查看所有可用的数据库 - 以最小的黑客攻击直接进入是多么容易？

Also, please tell me the name of the site so I never sign up and put my banking info on it!!! 另外，请告诉我网站的名称，所以我从来没有注册并把我的银行信息放在上面！ :) :)

Also, make sure you have errors and ommission insurance before going forward with shared hosting. 此外，在开始共享主机之前，请确保您有错误和省额保险。

You don't have experience in this area, and you can't even find cans of worms this big at a warehouse club. 你没有这个领域的经验，甚至在仓库俱乐部都找不到这么大的蠕虫。 This is a case in which your customer needs to hire a domain expert; 在这种情况下，您的客户需要聘请领域专家; if you're interested in doing this kind of work in the future, try to work very closely with the expert and absorb as much knowledge as you can. 如果您有兴趣将来做这类工作，请尽量与专家密切合作，尽可能多地吸收知识。

I think everybody here has announced their distaste of the situation enough, so I will just drop a hint on another problem when doing any kind of crypto (which we will agree is necessary): 我想这里的每个人都已经公布了他们对这种情况的厌恶，所以在做任何类型的加密时我都会提出另一个问题（我们同意这是必要的）：

The data has to be encrypted somewhere! 数据必须在某处加密！

If you do it on the server, well a compromised server will just do your encryption and pass them on w/o encrypting them. 如果您在服务器上执行此操作，那么受感染的服务器将只进行加密并传递它们而不加密它们。

If you do it on the client, this is a bit more secure, but still leaves the door wide open if someone has access to your server: They can in theory simply open a XSS hole (ie insert a remote script into your page...) that sends a copy to their box before encrypting... 如果你在客户端上这样做，这样会更安全，但是如果有人可以访问你的服务器，它仍然会敞开大门：它们理论上只需打开一个XSS漏洞（即在你的页面中插入一个远程脚本.. 。）在加密之前将副本发送到他们的盒子...

In the end: If you really consider doing this on a server that might not be 110% secure, WALK AWAY . 最后：如果您真的考虑在可能不是110％安全的服务器上执行此操作，请步行。