处理网站上的银行信息(不存储)
[英]Handling Bank information on Website (Not Storing)
问题描述
I have website using MEAN stack and is accessed over HTTPS.
我有使用 MEAN 堆栈的网站,可以通过 HTTPS 访问。 I want the user to input their bank account details but I don't want to store the bank details (since I think there may be liability and security concerns).我希望用户输入他们的银行帐户详细信息,但我不想存储银行详细信息(因为我认为可能存在责任和安全问题)。 The information will then be sent to a 3rd party website like Transferwise where I can send over money to the user bank account.然后,这些信息将被发送到第三方网站,例如 Transferwise,我可以在那里向用户的银行账户汇款。
My question is are there any security precautions that I need to take when I have the user input data on my website?我的问题是,当我的网站上有用户输入数据时,我需要采取任何安全预防措施吗?
1 个解决方案
解决方案1
0 2020-08-12 07:34:23
You have asked a very broad question and thus will get a broad answer in return.你问了一个非常广泛的问题,因此将得到一个广泛的答案作为回报。 Not persisting any data in the database helps a lot, but you could still fail due to logging sensitive data out on your server side or due to server/TLS misconfigurations.不在数据库中保留任何数据有很大帮助,但由于在服务器端记录敏感数据或服务器/TLS 配置错误,您仍然可能失败。
You probably would want to be PCI DSS compliant (or at least be aware that such a thing exists and how your application relates to this standard).您可能希望符合PCI DSS (或者至少要知道存在这样的事情以及您的应用程序与该标准的关系)。 Fulfilling OWASP ASVS at least Level 1 requirements would be good as well.满足OWASP ASVS至少 1 级的要求也很好。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.