{"id":14712,"date":"2025-11-25T04:28:20","date_gmt":"2025-11-25T01:28:20","guid":{"rendered":"https:\/\/www.inetmar.com\/blog\/?p=14712"},"modified":"2025-11-03T16:29:54","modified_gmt":"2025-11-03T13:29:54","slug":"veritabaninda-hassas-veriler-nasil-guvenle-saklanir","status":"publish","type":"post","link":"https:\/\/www.inetmar.com\/blog\/veritabaninda-hassas-veriler-nasil-guvenle-saklanir\/","title":{"rendered":"How Are Sensitive Data Stored Securely in a Database?"},"content":{"rendered":"<p>The way critical information such as passwords, credit card numbers or national ID (TC kimlik) numbers is stored in a database is one of the cornerstones of system security. If you want to store your data securely, today we examine current, secure methods under three main headings:<\/p>\n<ol>\n<li>Plain Text Storage (Insecure Method)<\/li>\n<li>Local Encryption (Hashing)<\/li>\n<li>Remote Encryption (Tokenization)<\/li>\n<\/ol>\n<h2 id=\"duz-metin\">1. Plain Text Storage \u2013 Must Be Avoided<\/h2>\n<p>Sensitive data is written directly to the database without any processing.<\/p>\n<h3>Example SQL Statement:<\/h3>\n<pre><code>INSERT INTO kullanicilar (kullanici_adi, sifre) \r\nVALUES ('ahmet123', 'izMiR35ANKAra06');<\/code><\/pre>\n<h3>Risks:<\/h3>\n<ul>\n<li>When the database is compromised, every password is exposed in the clear.<\/li>\n<li>SQL injection, a leaked backup or unauthorized access puts every account at risk.<\/li>\n<\/ul>\n<p class=\"highlight\"><strong>This method must never be used.<\/strong><\/p>\n<h2>2. Local Encryption \u2013 Hashing (Standard Security Practice)<\/h2>\n<p>The user's password is transformed with a one-way hash function and stored in that form. The original data cannot be recovered.<\/p>\n<h3>Recommended Algorithms<\/h3>\n<table>\n<thead>\n<tr>\n<th>Algorithm<\/th>\n<th>Property<\/th>\n<th>Use Case<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Argon2<\/strong><\/td>\n<td>Memory-hard, resistant to brute force<\/td>\n<td>Highest security<\/td>\n<\/tr>\n<tr>\n<td><strong>bcrypt<\/strong><\/td>\n<td>Automatic salting, widely used<\/td>\n<td>Web applications<\/td>\n<\/tr>\n<tr>\n<td><strong>PBKDF2<\/strong><\/td>\n<td>Iteration-based, older but secure<\/td>\n<td>Enterprise systems<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<blockquote><p><strong>Note:<\/strong> Fast hash functions such as SHA256 are <strong>not sufficient on their own<\/strong>. A salt and a cost factor must be added.<\/p><\/blockquote>\n<h3>Implementation Example (Python + bcrypt)<\/h3>\n<pre><code>import bcrypt\r\n\r\n# Password hashing\r\nsifre = \"AnkaRA45ANKAra123\".encode('utf-8')\r\nhashlenmi\u015f = bcrypt.hashpw(sifre, bcrypt.gensalt())\r\n# Stored in the database: $2b$12$...\r\n\r\n# Login check\r\n# In practice the stored hash is read back from the database;\r\n# here it is the value computed above\r\nveritabanindaki_hash = hashlenmi\u015f\r\ngiris_sifresi = \"AnkaRA45ANKAra123\".encode('utf-8')\r\nif bcrypt.checkpw(giris_sifresi, veritabanindaki_hash):\r\n    print(\"Giri\u015f ba\u015far\u0131l\u0131\")<\/code><\/pre>\n<h3>Changing the Password<\/h3>\n<p>The new password is hashed with the same algorithm and the stored value is updated.<\/p>\n<h3>Advantages<\/h3>\n<ul>\n<li>The original password cannot be recovered.<\/li>\n<li>The same password produces a different hash each time (thanks to the salt).<\/li>\n<li>Resistant to brute-force and rainbow table attacks.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-14764\" src=\"https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2025\/11\/database.webp\" alt=\"\" width=\"700\" height=\"400\" srcset=\"https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2025\/11\/database.webp 700w, https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2025\/11\/database-300x171.webp 300w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/p>\n<h2>3. Remote Encryption \u2013 Tokenization (Enterprise Solution)<\/h2>\n<p>Sensitive data is not kept on your own <a href=\"https:\/\/www.inetmar.com\/sunucu\/\" target=\"_blank\" rel=\"noopener\">servers<\/a>; only a <strong>reference (token)<\/strong> is stored.<\/p>\n<h3>Companies Using It<\/h3>\n<ul>\n<li><strong>Yemeksepeti, Trendyol<\/strong>: keep credit card details in Visa\/Mastercard vaults.<\/li>\n<li><strong>Stripe, PayPal, Iyzipay<\/strong>: return a PCI DSS compliant token.<\/li>\n<\/ul>\n<h3>Workflow<\/h3>\n<ol>\n<li>The user enters their card details.<\/li>\n<li>The payment provider encrypts the data and generates a <strong>token<\/strong>.<\/li>\n<li>Only the token is saved to the database.<\/li>\n<li>When a payment is needed, the transaction is made with the token.<\/li>\n<\/ol>\n<h3>Example of What Is Stored in the Database<\/h3>\n<pre><code>{\r\n  \"kullanici_id\": 123,\r\n  \"kart_token\": \"tok_visa_1AbC2dEfGhIjKlMnOprStUv\",\r\n  \"son_dort\": \"4242\",\r\n  \"marka\": \"visa\"\r\n}<\/code><\/pre>\n<h3>Advantages<\/h3>\n<ul>\n<li>Regulatory compliance such as PCI DSS, GDPR and KVKK is achieved.<\/li>\n<li>Even if data leaks, the information cannot be used.<\/li>\n<li>The full card number is <strong>never present<\/strong> in the system.<\/li>\n<\/ul>\n<h2>Comparison Table<\/h2>\n<table>\n<thead>\n<tr>\n<th>Method<\/th>\n<th>Security Level<\/th>\n<th>Use Case<\/th>\n<th>Recommendation<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Plain Text<\/td>\n<td><span class=\"badge badge-danger\">Very Low<\/span><\/td>\n<td>\u2013<\/td>\n<td><strong>Must Not Be Used<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Hashing (bcrypt\/Argon2)<\/td>\n<td><span class=\"badge badge-success\">High<\/span><\/td>\n<td>Passwords, API keys<\/td>\n<td><strong>Mandatory<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Tokenization<\/td>\n<td><span class=\"badge badge-success\">Very High<\/span><\/td>\n<td>Credit cards, national ID numbers<\/td>\n<td><strong>Preferred<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 id=\"oneriler\">Final Recommendations<\/h2>\n<ol>\n<li><strong>Plain text storage<\/strong> is unacceptable under any circumstances.<\/li>\n<li><strong>bcrypt or Argon2<\/strong> should be used for passwords.<\/li>\n<li><strong>Tokenization<\/strong> should be preferred for data such as credit card and identity details.<\/li>\n<li>Database access should be restricted according to the <strong>principle of least privilege<\/strong>, all operations should be logged, and backups should be encrypted.<\/li>\n<\/ol>\n<p><strong>Security is not a one-time task but a continuous process.<\/strong><\/p>\n<p>This information reflects the basic principles for improving data security in modern web and mobile applications. When integrating them into your applications, do not forget to review the documentation of the technology you use as well.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The way critical information such as passwords, credit card numbers or national ID (TC kimlik) numbers is stored in a database is one of the cornerstones of system security. If you want to store your data securely, today we examine current, secure methods under three main headings:&#46;&#46;&#46;<\/p>\n","protected":false},"author":2,"featured_media":14762,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[52],"tags":[],"class_list":["post-14712","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guvenlik"],"_links":{"self":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/14712","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/comments?post=14712"}],"version-history":[{"count":5,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/14712\/revisions"}],"predecessor-version":[{"id":14766,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/14712\/revisions\/14766"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media\/14762"}],"wp:attachment":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media?parent=14712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/categories?post=14712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/tags?post=14712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}