Posted to notifications@shardingsphere.apache.org by pa...@apache.org on 2021/11/01 11:27:03 UTC

[shardingsphere] branch master updated: Update encrypt document (#13395)

This is an automated email from the ASF dual-hosted git repository.

panjuan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git


The following commit(s) were added to refs/heads/master by this push:
     new 23fb662  Update encrypt document (#13395)
23fb662 is described below

commit 23fb6627e92ddb35440828f32959a008d046bfbe
Author: Liang Zhang <te...@163.com>
AuthorDate: Mon Nov 1 19:26:24 2021 +0800

    Update encrypt document (#13395)
    
    * Update encrypt index
    
    * Update encrypt Use Norms
    
    * Add Concept for encrypt
---
 docs/document/content/features/encrypt/_index.cn.md   |  9 +++++----
 docs/document/content/features/encrypt/_index.en.md   |  4 ++--
 docs/document/content/features/encrypt/concept.cn.md  | 19 ++++++++++++++++++-
 docs/document/content/features/encrypt/concept.en.md  | 19 ++++++++++++++++++-
 .../document/content/features/encrypt/use-norms.cn.md | 12 +++++-------
 .../document/content/features/encrypt/use-norms.en.md | 12 +++++-------
 6 files changed, 53 insertions(+), 22 deletions(-)

diff --git a/docs/document/content/features/encrypt/_index.cn.md b/docs/document/content/features/encrypt/_index.cn.md
index cc4dfc2..ca6b0b1 100644
--- a/docs/document/content/features/encrypt/_index.cn.md
+++ b/docs/document/content/features/encrypt/_index.cn.md
@@ -7,7 +7,8 @@ chapter = true
 
 ## 背景
 
-安全控制一直是治理的重要环节,数据加密属于安全控制的范畴。无论对互联网公司还是传统行业来说,数据安全一直是极为重视和敏感的话题。
+安全控制一直是治理的重要环节,数据加密属于安全控制的范畴。
+无论对互联网公司还是传统行业来说,数据安全一直是极为重视和敏感的话题。
 数据加密是指对某些敏感信息通过加密规则进行数据的变形,实现敏感隐私数据的可靠保护。
 涉及客户安全数据或者一些商业性敏感数据,如身份证号、手机号、卡号、客户号等个人信息按照相关部门规定,都需要进行数据加密。
 
@@ -18,9 +19,9 @@ chapter = true
 2. 已上线业务,之前一直将明文存储在数据库中。相关部门突然需要对已上线业务进行加密整改。这种场景一般需要处理 3 个问题:
 
 * 历史数据需要如何进行加密处理,即洗数。
-* 如何能在不改动业务SQL和逻辑情况下,将新增数据进行加密处理,并存储到数据库;在使用时,再进行解密取出。
+* 如何能在不改动业务 SQL 和逻辑情况下,将新增数据进行加密处理,并存储到数据库;在使用时,再进行解密取出。
 * 如何较为安全、无缝、透明化地实现业务系统在明文与密文数据间的迁移。
-   
+
 ## 挑战
 
 在真实业务场景中,相关业务开发团队则往往需要针对公司安全部门需求,自行实行并维护一套加解密系统。
@@ -29,4 +30,4 @@ chapter = true
 
 ## 目标
 
-**根据业界对加密的需求及业务改造痛点,提供了一套完整、安全、透明化、低改造成本的数据加密整合解决方案,是Apache ShardingSphere 数据加密模块的主要设计目标。**
+**根据业界对加密的需求及业务改造痛点,提供了一套完整、安全、透明化、低改造成本的数据加密整合解决方案,是 Apache ShardingSphere 数据加密模块的主要设计目标。**
diff --git a/docs/document/content/features/encrypt/_index.en.md b/docs/document/content/features/encrypt/_index.en.md
index cafb911..dff3a16 100644
--- a/docs/document/content/features/encrypt/_index.en.md
+++ b/docs/document/content/features/encrypt/_index.en.md
@@ -19,9 +19,9 @@ The demand for data encryption is generally divided into two situations in real
 
 2. For the service has been launched, and plaintext has been stored in the database before. The relevant department suddenly needs to encrypt the data from the on-line business. This scenario generally needs to deal with three issues as followings:
 
-* How to encrypt the historical data, a.k.a.s clean data.
+* How to encrypt the historical data, a.k.a.s data clean.
 * How to encrypt the newly added data and store it in the database without changing the business SQL and logic; then decrypt the taken out data when use it.
-* How to securely, seamlessly and transparently migrate plaintext and ciphertext data between business systems
+* How to securely, seamlessly and transparently migrate plaintext and ciphertext data between business systems.
 
 ## Challenges
 
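Review bot: The rewritten first bullet still carries the "a.k.a.s" typo, and "data clean" is not the usual term; suggest "How to encrypt the historical data, a.k.a. data cleansing." Whatever term is chosen should match the one used in concept.en.md, which also says "data clean". The unchanged bullet below it, "decrypt the taken out data when use it", could be fixed in the same pass.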
diff --git a/docs/document/content/features/encrypt/concept.cn.md b/docs/document/content/features/encrypt/concept.cn.md
index 50b76fa..a606220 100644
--- a/docs/document/content/features/encrypt/concept.cn.md
+++ b/docs/document/content/features/encrypt/concept.cn.md
@@ -3,4 +3,21 @@ title = "核心概念"
 weight = 1
 +++
 
-TODO
\ No newline at end of file
+## 逻辑列
+
+用于计算加解密列的逻辑名称,是 SQL 中列的逻辑标识。
+逻辑列包含密文列(必须)、查询辅助列(可选)和明文列(可选)。
+
+## 密文列
+
+加密后的数据列。
+
+## 查询辅助列
+
+用于查询的辅助列。
+对于一些安全级别更高的非幂等加密算法,提供不可逆的幂等列用于查询。
+
+## 明文列
+
+存储明文的列,用于在加密数据迁移过程中仍旧提供服务。
+在洗数结束后可以删除。
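Review bot: In the 明文列 section, "在洗数结束后可以删除" (may be deleted once data cleaning ends) is weaker than the English page's "Should remove them after data clean". This column keeps the values in plaintext alongside the cipher column, so the two language versions should agree, preferably on the stronger wording. The 查询辅助列 section also uses 幂等 and 非幂等 without defining them; one sentence on what a non-idempotent encryption algorithm means here would help readers decide whether they need the assistant column.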
diff --git a/docs/document/content/features/encrypt/concept.en.md b/docs/document/content/features/encrypt/concept.en.md
index d7ea0b7..3323dd6 100644
--- a/docs/document/content/features/encrypt/concept.en.md
+++ b/docs/document/content/features/encrypt/concept.en.md
@@ -3,4 +3,21 @@ title = "Core Concept"
 weight = 1
 +++
 
-TODO
\ No newline at end of file
+## Logic Column
+
+Column name used to encryption, it is the logical column identification in SQL.
+It includes cipher column(required), query assistant column(optional) and plain column(optional).
+
+## Cipher Column
+
+Encrypted data column.
+
+## Query Assistant Column
+
+Column used to assistant for query.
+For non-idempotent encryption algorithms with higher security level, irreversible idempotent columns provided for query.
+
+## Plain Column
+
+Column used to persist plain column, for service provided during data encrypting.
+Should remove them after data clean.
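Review bot: The Plain Column definition is circular ("Column used to persist plain column") and the Query Assistant Column sentence "irreversible idempotent columns provided for query" has no verb, so the two definitions that tell a reader what is stored in clear and what is stored irreversibly are the hardest to parse. Suggest "Column that stores the plaintext so the service stays available while existing data is being encrypted; remove it after data cleaning" and "an irreversible, idempotent column is provided for queries". Smaller points in the same hunk: "Column name used to encryption", "Column used to assistant for query", and the missing space in "cipher column(required)".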
diff --git a/docs/document/content/features/encrypt/use-norms.cn.md b/docs/document/content/features/encrypt/use-norms.cn.md
index 4aba848..42e262e 100644
--- a/docs/document/content/features/encrypt/use-norms.cn.md
+++ b/docs/document/content/features/encrypt/use-norms.cn.md
@@ -5,13 +5,11 @@ weight = 2
 
 ## 支持项
 
-* 后端数据库为 MySQL、Oracle、PostgreSQL、SQLServer;
-* 用户需要对数据库表中某个或多个列进行加密(数据加密 & 解密);
-* 兼容所有常用SQL。
+* 对数据库表中某个或多个列进行加解密;
+* 兼容所有常用 SQL。
 
 ## 不支持项
 
-* 用户需要自行处理数据库中原始的存量数据、洗数;
-* 使用加密功能+分库分表功能,部分特殊SQL不支持,请参考[SQL使用规范]( https://shardingsphere.apache.org/document/current/cn/features/sharding/use-norms/sql/);
-* 加密字段无法支持比较操作,如:大于小于、ORDER BY、BETWEEN、LIKE等;
-* 加密字段无法支持计算操作,如:AVG、SUM以及计算表达式。
+* 需自行处理数据库中原始的存量数据;
+* 加密字段无法支持比较操作,如:大于、小于、ORDER BY、BETWEEN、LIKE 等;
+* 加密字段无法支持计算操作,如:AVG、SUM 以及计算表达式。
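Review bot: Under 不支持项, the bullet about combining encryption with sharding (部分特殊SQL不支持, with its link to the sharding SQL norms) is deleted with no replacement, and the commit message does not say the limitation has gone away. If it still applies, keep the bullet; if it no longer applies, state that in the commit message. The same question applies to the removed list of supported back-end databases under 支持项.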
diff --git a/docs/document/content/features/encrypt/use-norms.en.md b/docs/document/content/features/encrypt/use-norms.en.md
index 0c55c7a..51efcbd 100644
--- a/docs/document/content/features/encrypt/use-norms.en.md
+++ b/docs/document/content/features/encrypt/use-norms.en.md
@@ -5,13 +5,11 @@ weight = 2
 
 ## Supported
 
-* The back-end databases are MySQL, Oracle, PostgreSQL, and SQLServer;
-* The user needs to encrypt one or more columns in the database table (data encryption & decryption);
-* Compatible with all commonly used SQL.
+* Encrypt/decrypt one or more columns in the database table;
+* Compatible with all regular SQL.
 
 ## Unsupported
 
-* Users need to deal with the original inventory data and wash numbers in the database;
-* Use encryption function + sub-database sub-table function, some special SQL is not supported, please refer to [SQL specification]( https://shardingsphere.apache.org/document/current/en/features/sharding/use-norms/sql/);
-* Encryption fields cannot support comparison operations, such as: greater than less than, ORDER BY, BETWEEN, LIKE, etc;
-* Encryption fields cannot support calculation operations, such as AVG, SUM, and calculation expressions.
+* Need to process original inventory data before encryption;
+* The value of encryption columns cannot support comparison, such as: >, <, ORDER BY, BETWEEN, LIKE, etc;
+* The value of encryption columns cannot support calculation, such as AVG, SUM, and calculation expressions.
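Review bot: Under Unsupported, "Need to process original inventory data before encryption" reads as a prerequisite rather than as something the feature does not do, and "before encryption" has no counterpart in the Chinese line (需自行处理数据库中原始的存量数据). Suggest "Users must process the existing data in the database themselves". As in the Chinese file, the encryption + sharding bullet and its link are dropped without explanation; keep it if the restriction still holds.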