html5 localStorage中的信用卡号
[英]Credit card numbers in html5 localStorage
问题描述
What if I stored encrypted credit card info in the browser's localstorage? 
如果我在浏览器的本地存储中存储加密的信用卡信息怎么办? When the user visits the site again, the credit card field is prepopulated by Javascript. 当用户再次访问该网站时,信用卡字段由Javascript预先填充。 The form itself points directly to a payment processor, so credit card info is never transmitted to my server. 表单本身直接指向支付处理器,因此信用卡信息永远不会传输到我的服务器。
Of course, my site and the payment processor's site are accessed via https. 当然,我的网站和支付处理器的网站是通过https访问的。
Is this PCI compliant? 这是PCI兼容吗? Is this a bad way to do things? 这是一个糟糕的做事方式吗?
3 个解决方案
解决方案1
2 2011-09-08 16:44:38
I am not certain that falls under the pci-dss regulations. 我不确定是否符合pci-dss规定。 Storing customer data in potentially hackable files is the big concern. 将客户数据存储在潜在的可破解文件中是一个大问题。
解决方案2
1 2011-09-02 02:07:59
不确定PCI合规性,但您也可以将信用卡信息存储在仅HTTPS的cookie中 。
解决方案3
1 已采纳 2011-09-09 16:17:28
Since the card # would essentially be stored on the client's machine, then (with my interpretation of pci-dss) you have no way to restrict or monitor access to that data even though its encrypted. 由于卡#基本上存储在客户机的机器上,然后(根据我对pci-dss的解释),即使加密,也无法限制或监控对该数据的访问。 Sounds to me to be non-compliant. 听起来不合规。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.