简体繁体 English

将帐户余额安全地存储在数据库中？

[英]Securely storing account balances in a database?

原文 2011-03-08 18:45:04 7 2 python/ database/ django/ web-applications

So I have a Django web application and I need to add a payment module to it. 所以我有一个Django Web应用程序，我需要添加一个支付模块。

Basically a user will prepay for a certain amount of service and this will slowly reduce over as the user uses the service. 基本上，用户将预付一定数量的服务，并且当用户使用该服务时，这将缓慢减少。 I'm wondering what is the best practice to facilitate this? 我想知道促进这个的最佳做法是什么？ I can process payments using Satchmo, but then just storing the USD value in a database and having my code interacting with that value directly seems kind of risky. 我可以使用Satchmo处理付款，但只是将USD值存储在数据库中并让我的代码与该值直接交互似乎有点冒险。 Sure I can do that but I am wondering if there is a well tested solution to this problem out there already? 当然我可以做到这一点，但我想知道是否已经有一个经过充分测试的解决方案来解决这个问题？

2 个解决方案

I don't know about a "well-tested solution" as you put it, but I would strongly caution against just storing a dollar value in the database and increasing or decreasing that dollar value. 我不知道你提出的“经过良好测试的解决方案”，但我强烈建议不要在数据库中存储一个美元值并增加或减少该美元价值。 Instead, I would advise storing transactions that can be audited if anything goes wrong. 相反，我会建议存储可以在出现任何问题时进行审计的事务。 Calculate the amount available from the credit and debit transactions in the user account rather than storing it directly. 计算用户帐户中信用卡和借记卡交易的可用金额，而不是直接存储。

For extra safety, you would want to ensure that your application cannot delete any transaction records. 为了更加安全，您需要确保您的应用程序无法删除任何交易记录。 If you cannot deny write permissions on the relevant tables for some reason, try replicating the transactions to a second database (that the application does not touch) as they are created. 如果由于某种原因无法拒绝相关表的写入权限，请尝试在创建事务时将事务复制到第二个数据库（应用程序不接触）。

My language agnostic recommendation would be to make sure that the database that communicates with the web app is read only; 我的语言不可知的建议是确保与Web应用程序通信的数据库是只读的; at least for the table(s) that deal with these account balances. 至少对于处理这些账户余额的表格。 So, you process payments, and manage the reduction of account balances in a database that is not accessible to anyone other than you (ie not connected to the internet, or this web app). 因此，您处理付款，并管理数据库中帐户余额的减少，这是您以外的任何人都无法访问的（即未连接到互联网或此Web应用程序）。 You can periodically take snapshots of that database and update the one that interacts with the webapp, so your users have a read copy of their balance. 您可以定期拍摄该数据库的快照并更新与该Web应用程序交互的快照，以便您的用户拥有其余额的读取副本。 This way, even if a user is able to modify the data to increase their balance by a million bucks, you know that you have their true balance in a separate location. 这样，即使用户能够修改数据以将其余额增加一百万美元，您也知道您在一个单独的位置拥有真正的余额。 Basically, you'd never have to trust the data on the webapp side - it would be purely informational for your users. 基本上，您永远不必信任webapp端的数据 - 这对您的用户来说纯粹是信息性的。