New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

数据收集符合GDPR吗？ #48

Closed

oscarhong opened this issue May 25, 2018 · 1 comment

Labels

discussion

oscarhong commented May 25, 2018

GDPR今天开始实施了。业务需求要符合GDPR。请问这个服务器符合相关要求吗？

huangyoukun added the discussion label

Collaborator

huangyoukun commented May 25, 2018

安全和隐私

开放平台服务方已采取的措施
1. 项目信息是完全私密的，采用appid隔离，非项目成员无权访问
2. 抓包、日志敏感数据，存储/缓存使用appid+appkey加盐加密，规避非授权访问
3. appkey落地存储/缓存前，进行了加盐加密，规避脱库
开放平台使用方应该遵循的原则
1. 保持appkey私密，因用于存储加密，不提供修改能力
2. 如果appkey意外泄漏，请更换appid和appkey
3. 项目成员合理授权，定期清理成员名单
更高的安全和隐私需求，推荐使用私有化部署。了解一下？

huangyoukun closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment