dongyao4419
2019-05-20 06:40 阅读 195

从UI将数据库密钥存储在数据库中

I'm integrating payment gateway in our application. I have an account in their website with an API key and secret key.

The users of our application are sub merchants. They will get their own account in the payment gateway website with an API key and secret key. When I asked their support, they said the main account(our account) cant access the api, secret key of the users of our application and we will have to get it from the users.

We are the ones who will be adding sub merchants and creating accounts in the payment gateway website for the users of our application. So we will have access to api key and secret key of each user.

We will have to save the api key and secret key of each user in our database. My question is should it be done from front end on a web service call. The admin login of our application will enter the api key and secret key of each user and save it to our database.

Is it safe to save the secret key from the front end or is there an other way that we can save it to our database.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • douao2019 douao2019 2019-05-20 07:02

    This is an interesting question and there are several ways to achieve what you want. Here's my suggestion.

    If the entire application is secured by TLS which i think will mostly be (I mean not just having HTTPS but also having TLS from your DB to the Backend) then take the input from the frontend and save it to your database but before saving it encrypt the same using any good encryption method and save the secretkey to the db. The key for this encryption (This is not the secret key but another key for encrypting and decrypting the secret key) must be an environmental variable. This will also help you guys if the db gets hacked or starts leaking.

    点赞 评论 复制链接分享

相关推荐