When using Jasypt StandardPBEStringEncryptor, we must explicitly set the password in the spring bean configuration file. Is it safe and safe to have a password in the bean configuration file? Will the PCI Compliance problem keep the encryption password?
This one will not be compatible with PCI. Data encryption keys cannot be stored in clear text. The specific point is 3.5.2, which:
, , .
, , 3.6.6 ( )
, , (, , , ).
PCI-. , ( PCI) . , QSA (PCI Qualified Security Assesor) , . , QSA, , PCI, .
-. , .
Source: https://habr.com/ru/post/1755985/More articles:File Download and GWT Look and Feel Control - htmlFacebook Как кнопка иногда появляется иногда не - javascriptData structure problem - algorithmSeveral WHERE in one LINQ 2 SQL method - c #Using a dynamic dictionary in C # - dictionarygetting the path to a program in a Visual Studio installation project - c #Трудный T-SQL для отображения организационной диаграммы (иерархия/рекурсия) - sql-serverWord OLE Automation - removing the first page and managing the header and footer - ms-wordMVC Getting Authorization Permission - model-view-controllerDifference in using attributes / interfaces in C # - c #All Articles