You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@shardingsphere.apache.org by "strongduanmu (via GitHub)" <gi...@apache.org> on 2023/04/28 03:18:39 UTC
[GitHub] [shardingsphere] strongduanmu opened a new issue, #25383: [Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule
strongduanmu opened a new issue, #25383:
URL: https://github.com/apache/shardingsphere/issues/25383
Hi community,
Currently, ShardingSphere encrypt rule contains many configuration items, the complete configuration items are as follows.
```yaml
rules:
- !ENCRYPT
tables:
<table_name> (+): # Encrypt table name
columns:
<column_name> (+): # Encrypt logic column name
plainColumn (?): # Plain column name
cipherColumn: # Cipher column name
encryptorName: # Cipher encrypt algorithm name
assistedQueryColumn (?): # Assisted query column name
assistedQueryEncryptorName: # Assisted query encrypt algorithm name
likeQueryColumn (?): # Like query column name
likeQueryEncryptorName: # Like query encrypt algorithm name
queryWithCipherColumn(?): # The current table whether query with cipher column for data encrypt.
# Encrypt algorithm configuration
encryptors:
<encrypt_algorithm_name> (+): # Encrypt algorithm name
type: # Encrypt algorithm type
props: # Encrypt algorithm properties
# ...
queryWithCipherColumn: # Whether query with cipher column for data encrypt. User you can use plaintext to query if have
```
Some of configuration items are necessary for encrypt feature, such as: cipherColumn, encryptorName, assistedQueryColumn, assistedQueryEncryptorName, likeQueryColumn and likeQueryEncryptorName. These configuration items allow users to configure encrypt columns and encryption algorithms.
Some other configuration items, such as plainColumn and different levels of queryWithCipherColumn, have nothing to do with the encryption core function, but only to meet the switching of business traffic. Maintaining plainColumn and different levels of queryWithCipherColumn has brought great challenges to ShardingSphere, resulting in too complicated SQL rewriting logic. Currently, encrypted SQL rewriting logic is already very complicated.
In order to improve the maintainability of the encryption function, it is time to simplify the encryption configuration and delete plainColumn and queryWithCipherColumn. The work of switching business traffic is handed over to users themselves, while ShardingSphere focuses on increasing the core capabilities of encryption.
Everyone is welcome to participate in the discussion and express their views. Thank you.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shardingsphere] strongduanmu closed issue #25383: [Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule
Posted by "strongduanmu (via GitHub)" <gi...@apache.org>.
strongduanmu closed issue #25383: [Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule
URL: https://github.com/apache/shardingsphere/issues/25383
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shardingsphere] RaigorJiang commented on issue #25383: [Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule
Posted by "RaigorJiang (via GitHub)" <gi...@apache.org>.
RaigorJiang commented on issue #25383:
URL: https://github.com/apache/shardingsphere/issues/25383#issuecomment-1536999892
@strongduanmu For this task, the [DistSQL](https://shardingsphere.apache.org/document/current/en/user-manual/shardingsphere-proxy/distsql/syntax/rdl/rule-definition/encrypt/create-encrypt-rule/) syntax also needs to be adjusted accordingly.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shardingsphere] strongduanmu commented on issue #25383: [Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule
Posted by "strongduanmu (via GitHub)" <gi...@apache.org>.
strongduanmu commented on issue #25383:
URL: https://github.com/apache/shardingsphere/issues/25383#issuecomment-1534246358
After discussions on the dev mailing list——https://lists.apache.org/thread/ytbbx9hnjzo25w8qxdzgfkc6c47lwz78, most people agreed to cleanup the Encrypt API. In addition, @RaigorJiang also mentioned that storing plaintext in the encryption feature does not meet the security requirements. So, this week I'm going to do a cleanup of the Encrypt API.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shardingsphere] strongduanmu commented on issue #25383: [Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule
Posted by "strongduanmu (via GitHub)" <gi...@apache.org>.
strongduanmu commented on issue #25383:
URL: https://github.com/apache/shardingsphere/issues/25383#issuecomment-1538004021
All tasks have been completed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shardingsphere] strongduanmu commented on issue #25383: [Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule
Posted by "strongduanmu (via GitHub)" <gi...@apache.org>.
strongduanmu commented on issue #25383:
URL: https://github.com/apache/shardingsphere/issues/25383#issuecomment-1537034430
> @strongduanmu For this task, the [DistSQL](https://shardingsphere.apache.org/document/current/en/user-manual/shardingsphere-proxy/distsql/syntax/rdl/rule-definition/encrypt/create-encrypt-rule/) syntax also needs to be adjusted accordingly.
Yes, I will remove these columns in DistSQL.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shardingsphere] tuichenchuxin commented on issue #25383: [Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule
Posted by "tuichenchuxin (via GitHub)" <gi...@apache.org>.
tuichenchuxin commented on issue #25383:
URL: https://github.com/apache/shardingsphere/issues/25383#issuecomment-1533946410
+1
After removal, it will be more concise and easy to maintain。
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org