问题
If my MysQL database is stolen for example, can a thief use the Stripe customers ids to charge them?
Should I store these Ids in my database or not? Store them but encrypt them?
Thanks.
回答1:
The customer id (cus_XXXX) can be used to charge a customer's card but only with your account's Secret API key (sk_live_XXX).
Someone getting their hands on your database in that situation wouldn't be able to do anything with the information unless they also stole your API keys.
It's safe to store anything that Stripe returns via the API in your own database as they wouldn't be returning those values in the first place otherwise. It's also partially covered in the documentation here about PCI compliance.
来源:https://stackoverflow.com/questions/41576896/is-it-dangerous-to-store-in-my-database-stripe-customers-ids