Use cryptography to store sensitive information:
- Don't invent a new algorithm. Use industry standards to encrypt data. For Salesforce B2C Commerce web application development, this means that you should only use a prepared internal card storage mechanism.
- Minimize the information you store. Rethink whether you need to store the information at all.
- Be extremely careful in storing keys, certificates, and passwords. Only use B2C Commerce methods.
- Don't store sensitive information on the client side.
- Don't store any sensitive data in the session; instead, fetch it in the context and reevaluate the proper rights/authentication.
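
The last point, shown as an added example in plain Node.js (not code from the original page and not the B2C Commerce API): the session holds only a customer reference, and sensitive data is fetched per request with authentication and ownership checked again each time. The names `paymentStore`, `sessions`, `login` and `getPaymentInstrument` are hypothetical, and the records are constructed sample data.

```javascript
// Added example: plain Node.js, no B2C Commerce APIs. All names are hypothetical.
const { randomBytes } = require('node:crypto');

// Constructed sample data standing in for a server-side store that keeps
// only a token and masked digits, never the full card number.
const paymentStore = new Map([
  ['pi-1001', { ownerId: 'cust-1', token: 'tok_constructed_1', maskedNumber: '************1111' }],
  ['pi-2002', { ownerId: 'cust-2', token: 'tok_constructed_2', maskedNumber: '************4242' }],
]);

// Server-side session table: the client only ever holds the opaque session id.
const sessions = new Map();

function login(customerId, ttlMs = 15 * 60 * 1000) {
  const sid = randomBytes(32).toString('hex');
  // Weak pattern to avoid: copying card data or tokens into the session object.
  sessions.set(sid, { customerId, expires: Date.now() + ttlMs });
  return sid;
}

// Fetch sensitive data in the context of the request and re-evaluate
// authentication and ownership on every call.
function getPaymentInstrument(sid, instrumentId, now = Date.now()) {
  const s = sessions.get(sid);
  if (!s || s.expires <= now) {
    sessions.delete(sid); // drop expired or unknown sessions
    return { ok: false, reason: 'not-authenticated' };
  }
  const pi = paymentStore.get(instrumentId);
  // Same answer for "missing" and "not yours" so instrument ids cannot be probed.
  if (!pi || pi.ownerId !== s.customerId) {
    return { ok: false, reason: 'not-found' };
  }
  // Return only what the page needs: masked digits, not the token.
  return { ok: true, maskedNumber: pi.maskedNumber };
}

function logout(sid) {
  sessions.delete(sid);
}
```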