Best way to reduce the risk of unauthorized deployments?

  • Question

  • We are looking at starting to write payment files to a bank. Needless to say it would be a very bad day for us and our customers if someone were to change our binaries to add a few extra payments to their own accounts.

    So we are looking for ways to secure this pipeline without making it too hard to deploy new versions of our main application.
    The idea is that we would host a second service which is much smaller. This would only be responsible for checking that each payment marked to be executed is properly signed by the user. And if it is signed, we send that file to the bank.

    In the best of worlds there would be a solution where we could host that code somewhere where at least two of our administrators have to sign off before new code is deployed.

    Does something like this exist? If not, is there anything in regards to monitoring we could do instead to detect code changes so we can act on it?
    • Moved by Sheethal J S Thursday, September 7, 2017 6:09 AM
    • Moved by Dave PatrickMVP Thursday, September 7, 2017 12:36 PM no forum for design
    Wednesday, September 6, 2017 9:08 PM
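
An added example, not part of the original post: one way to monitor for the code changes the question asks about is to hash the deployed files and compare them with a baseline manifest that two distinct administrators have approved. The administrator names, keys and file name are constructed for illustration, and HMAC is used here only as a stand-in for real per-administrator signatures.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

# Constructed keys; HMAC is a stand-in for real per-administrator signatures.
ADMIN_KEYS = {"alice": b"constructed-key-a", "bob": b"constructed-key-b"}
REQUIRED_APPROVALS = 2

def build_manifest(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def approve(manifest, admin):
    """Approval tag one administrator computes over the canonical manifest."""
    data = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ADMIN_KEYS[admin], data, hashlib.sha256).hexdigest()

def valid_approvers(manifest, approvals):
    """Distinct known administrators whose tag verifies for this manifest."""
    return {a for a, tag in approvals.items()
            if a in ADMIN_KEYS and hmac.compare_digest(tag, approve(manifest, a))}

def check_deployment(root, baseline, approvals):
    """Return findings; an empty list means the files match an approved baseline."""
    findings = []
    if len(valid_approvers(baseline, approvals)) < REQUIRED_APPROVALS:
        findings.append("baseline lacks two valid approvals")
    current = build_manifest(root)
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append(f"missing: {name}")
        elif name not in baseline:
            findings.append(f"unexpected: {name}")
        elif baseline[name] != current[name]:
            findings.append(f"modified: {name}")
    return findings

def demo():
    """Constructed scenario: approve a release, then change the binary."""
    with tempfile.TemporaryDirectory() as d:
        binary = Path(d) / "payment_checker.bin"  # hypothetical file name
        binary.write_bytes(b"release 1.0")
        baseline = build_manifest(d)
        approvals = {a: approve(baseline, a) for a in ("alice", "bob")}
        clean = check_deployment(d, baseline, approvals)
        binary.write_bytes(b"tampered build")
        return clean, check_deployment(d, baseline, approvals)
```

The check is only as trustworthy as where it runs and where the baseline and approvals are stored, so both belong outside the reach of whoever can deploy to the monitored host.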