You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shardingsphere.apache.org by Zhengqiang Duan <du...@apache.org> on 2023/04/28 03:25:39 UTC
[Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule
Hi community,
Currently, ShardingSphere encrypt rule contains many configuration items,
the complete configuration items are as follows.
rules:
- !ENCRYPT
tables:
<table_name> (+): # Encrypt table name
columns:
<column_name> (+): # Encrypt logic column name
plainColumn (?): # Plain column name
cipherColumn: # Cipher column name
encryptorName: # Cipher encrypt algorithm name
assistedQueryColumn (?): # Assisted query column name
assistedQueryEncryptorName: # Assisted query encrypt algorithm
name
likeQueryColumn (?): # Like query column name
likeQueryEncryptorName: # Like query encrypt algorithm name
queryWithCipherColumn(?): # The current table whether query with
cipher column for data encrypt.
# Encrypt algorithm configuration
encryptors:
<encrypt_algorithm_name> (+): # Encrypt algorithm name
type: # Encrypt algorithm type
props: # Encrypt algorithm properties
# ...
queryWithCipherColumn: # Whether query with cipher column for data
encrypt. User you can use plaintext to query if have
Some of configuration items are necessary for encrypt feature, such as:
cipherColumn, encryptorName, assistedQueryColumn,
assistedQueryEncryptorName, likeQueryColumn and likeQueryEncryptorName.
These configuration items allow users to configure encrypt columns and
encrypt algorithms.
Some other configuration items, such as plainColumn and different levels of
queryWithCipherColumn, have nothing to do with the encrypt feature, but
only to meet the switching of business traffic. Maintaining plainColumn and
different levels of queryWithCipherColumn has brought great challenges to
ShardingSphere, resulting in too complicated SQL rewriting logic.
Currently, encrypt SQL rewriting logic is already very complicated.
In order to improve the maintainability of the encrypt feature, it is time
to simplify the encrypt configuration and remove plainColumn and
queryWithCipherColumn. The work of switching business traffic is handed
over to users themselves, while ShardingSphere focuses on increasing the
core capabilities of encrypt.
Everyone is welcome to participate in the discussion and express their
views. Thank you.
For more details, you can also refer github issue -
https://github.com/apache/shardingsphere/issues/25383.
Best regards,
Zhengqiang
——————————————————————
Zhengqiang Duan (duanzhengqiang@apache.org)
Apache ShardingSphere PMC
GitHub@strongduanmu
Re: [Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule
Posted by Zhengqiang Duan <du...@apache.org>.
Thank you very much for your reply. This week, I will simplify the Encrypt
API.
Best regards,
Zhengqiang
——————————————————————
Zhengqiang Duan (duanzhengqiang@apache.org)
Apache ShardingSphere PMC
GitHub@strongduanmu
Longtao Jiang <ji...@apache.org> 于2023年5月4日周四 13:59写道:
> +1, Preserving the plaintext while preserving the ciphertext is indeed
> against the security norm.
>
> ——————————————————————
> Longtao Jiang
> Apache ShardingSphere Committer
> GitHub@RaigorJiang
>
>
> On 2023/04/28 03:25:39 Zhengqiang Duan wrote:
> > Hi community,
> >
> > Currently, ShardingSphere encrypt rule contains many configuration items,
> > the complete configuration items are as follows.
> >
> > rules:
> > - !ENCRYPT
> > tables:
> > <table_name> (+): # Encrypt table name
> > columns:
> > <column_name> (+): # Encrypt logic column name
> > plainColumn (?): # Plain column name
> > cipherColumn: # Cipher column name
> > encryptorName: # Cipher encrypt algorithm name
> > assistedQueryColumn (?): # Assisted query column name
> > assistedQueryEncryptorName: # Assisted query encrypt algorithm
> > name
> > likeQueryColumn (?): # Like query column name
> > likeQueryEncryptorName: # Like query encrypt algorithm name
> > queryWithCipherColumn(?): # The current table whether query with
> > cipher column for data encrypt.
> >
> > # Encrypt algorithm configuration
> > encryptors:
> > <encrypt_algorithm_name> (+): # Encrypt algorithm name
> > type: # Encrypt algorithm type
> > props: # Encrypt algorithm properties
> > # ...
> >
> > queryWithCipherColumn: # Whether query with cipher column for data
> > encrypt. User you can use plaintext to query if have
> > Some of configuration items are necessary for encrypt feature, such as:
> > cipherColumn, encryptorName, assistedQueryColumn,
> > assistedQueryEncryptorName, likeQueryColumn and likeQueryEncryptorName.
> > These configuration items allow users to configure encrypt columns and
> > encrypt algorithms.
> >
> > Some other configuration items, such as plainColumn and different levels
> of
> > queryWithCipherColumn, have nothing to do with the encrypt feature, but
> > only to meet the switching of business traffic. Maintaining plainColumn
> and
> > different levels of queryWithCipherColumn has brought great challenges to
> > ShardingSphere, resulting in too complicated SQL rewriting logic.
> > Currently, encrypt SQL rewriting logic is already very complicated.
> >
> > In order to improve the maintainability of the encrypt feature, it is
> time
> > to simplify the encrypt configuration and remove plainColumn and
> > queryWithCipherColumn. The work of switching business traffic is handed
> > over to users themselves, while ShardingSphere focuses on increasing the
> > core capabilities of encrypt.
> >
> > Everyone is welcome to participate in the discussion and express their
> > views. Thank you.
> >
> > For more details, you can also refer github issue -
> > https://github.com/apache/shardingsphere/issues/25383.
> >
> > Best regards,
> > Zhengqiang
> > ——————————————————————
> > Zhengqiang Duan (duanzhengqiang@apache.org)
> > Apache ShardingSphere PMC
> > GitHub@strongduanmu
> >
>
Re: [Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule
Posted by Longtao Jiang <ji...@apache.org>.
+1, Preserving the plaintext while preserving the ciphertext is indeed against the security norm.
——————————————————————
Longtao Jiang
Apache ShardingSphere Committer
GitHub@RaigorJiang
On 2023/04/28 03:25:39 Zhengqiang Duan wrote:
> Hi community,
>
> Currently, ShardingSphere encrypt rule contains many configuration items,
> the complete configuration items are as follows.
>
> rules:
> - !ENCRYPT
> tables:
> <table_name> (+): # Encrypt table name
> columns:
> <column_name> (+): # Encrypt logic column name
> plainColumn (?): # Plain column name
> cipherColumn: # Cipher column name
> encryptorName: # Cipher encrypt algorithm name
> assistedQueryColumn (?): # Assisted query column name
> assistedQueryEncryptorName: # Assisted query encrypt algorithm
> name
> likeQueryColumn (?): # Like query column name
> likeQueryEncryptorName: # Like query encrypt algorithm name
> queryWithCipherColumn(?): # The current table whether query with
> cipher column for data encrypt.
>
> # Encrypt algorithm configuration
> encryptors:
> <encrypt_algorithm_name> (+): # Encrypt algorithm name
> type: # Encrypt algorithm type
> props: # Encrypt algorithm properties
> # ...
>
> queryWithCipherColumn: # Whether query with cipher column for data
> encrypt. User you can use plaintext to query if have
> Some of configuration items are necessary for encrypt feature, such as:
> cipherColumn, encryptorName, assistedQueryColumn,
> assistedQueryEncryptorName, likeQueryColumn and likeQueryEncryptorName.
> These configuration items allow users to configure encrypt columns and
> encrypt algorithms.
>
> Some other configuration items, such as plainColumn and different levels of
> queryWithCipherColumn, have nothing to do with the encrypt feature, but
> only to meet the switching of business traffic. Maintaining plainColumn and
> different levels of queryWithCipherColumn has brought great challenges to
> ShardingSphere, resulting in too complicated SQL rewriting logic.
> Currently, encrypt SQL rewriting logic is already very complicated.
>
> In order to improve the maintainability of the encrypt feature, it is time
> to simplify the encrypt configuration and remove plainColumn and
> queryWithCipherColumn. The work of switching business traffic is handed
> over to users themselves, while ShardingSphere focuses on increasing the
> core capabilities of encrypt.
>
> Everyone is welcome to participate in the discussion and express their
> views. Thank you.
>
> For more details, you can also refer github issue -
> https://github.com/apache/shardingsphere/issues/25383.
>
> Best regards,
> Zhengqiang
> ——————————————————————
> Zhengqiang Duan (duanzhengqiang@apache.org)
> Apache ShardingSphere PMC
> GitHub@strongduanmu
>
Re: [Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule
Posted by Jinchao Zhao <zh...@apache.org>.
I agree, we should make ShardingSphere as lightweight as possible.
On 2023/04/28 03:25:39 Zhengqiang Duan wrote:
> Hi community,
>
> Currently, ShardingSphere encrypt rule contains many configuration items,
> the complete configuration items are as follows.
>
> rules:
> - !ENCRYPT
> tables:
> <table_name> (+): # Encrypt table name
> columns:
> <column_name> (+): # Encrypt logic column name
> plainColumn (?): # Plain column name
> cipherColumn: # Cipher column name
> encryptorName: # Cipher encrypt algorithm name
> assistedQueryColumn (?): # Assisted query column name
> assistedQueryEncryptorName: # Assisted query encrypt algorithm
> name
> likeQueryColumn (?): # Like query column name
> likeQueryEncryptorName: # Like query encrypt algorithm name
> queryWithCipherColumn(?): # The current table whether query with
> cipher column for data encrypt.
>
> # Encrypt algorithm configuration
> encryptors:
> <encrypt_algorithm_name> (+): # Encrypt algorithm name
> type: # Encrypt algorithm type
> props: # Encrypt algorithm properties
> # ...
>
> queryWithCipherColumn: # Whether query with cipher column for data
> encrypt. User you can use plaintext to query if have
> Some of configuration items are necessary for encrypt feature, such as:
> cipherColumn, encryptorName, assistedQueryColumn,
> assistedQueryEncryptorName, likeQueryColumn and likeQueryEncryptorName.
> These configuration items allow users to configure encrypt columns and
> encrypt algorithms.
>
> Some other configuration items, such as plainColumn and different levels of
> queryWithCipherColumn, have nothing to do with the encrypt feature, but
> only to meet the switching of business traffic. Maintaining plainColumn and
> different levels of queryWithCipherColumn has brought great challenges to
> ShardingSphere, resulting in too complicated SQL rewriting logic.
> Currently, encrypt SQL rewriting logic is already very complicated.
>
> In order to improve the maintainability of the encrypt feature, it is time
> to simplify the encrypt configuration and remove plainColumn and
> queryWithCipherColumn. The work of switching business traffic is handed
> over to users themselves, while ShardingSphere focuses on increasing the
> core capabilities of encrypt.
>
> Everyone is welcome to participate in the discussion and express their
> views. Thank you.
>
> For more details, you can also refer github issue -
> https://github.com/apache/shardingsphere/issues/25383.
>
> Best regards,
> Zhengqiang
> ——————————————————————
> Zhengqiang Duan (duanzhengqiang@apache.org)
> Apache ShardingSphere PMC
> GitHub@strongduanmu
>
Re: [Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule
Posted by Hongsheng Zhong <zh...@apache.org>.
+1
For better responsibility isolation and maintainance, and yaml configuration could focus on goal description.
On 2023/04/28 03:25:39 Zhengqiang Duan wrote:
> Hi community,
>
> Currently, ShardingSphere encrypt rule contains many configuration items,
> the complete configuration items are as follows.
>
> rules:
> - !ENCRYPT
> tables:
> <table_name> (+): # Encrypt table name
> columns:
> <column_name> (+): # Encrypt logic column name
> plainColumn (?): # Plain column name
> cipherColumn: # Cipher column name
> encryptorName: # Cipher encrypt algorithm name
> assistedQueryColumn (?): # Assisted query column name
> assistedQueryEncryptorName: # Assisted query encrypt algorithm
> name
> likeQueryColumn (?): # Like query column name
> likeQueryEncryptorName: # Like query encrypt algorithm name
> queryWithCipherColumn(?): # The current table whether query with
> cipher column for data encrypt.
>
> # Encrypt algorithm configuration
> encryptors:
> <encrypt_algorithm_name> (+): # Encrypt algorithm name
> type: # Encrypt algorithm type
> props: # Encrypt algorithm properties
> # ...
>
> queryWithCipherColumn: # Whether query with cipher column for data
> encrypt. User you can use plaintext to query if have
> Some of configuration items are necessary for encrypt feature, such as:
> cipherColumn, encryptorName, assistedQueryColumn,
> assistedQueryEncryptorName, likeQueryColumn and likeQueryEncryptorName.
> These configuration items allow users to configure encrypt columns and
> encrypt algorithms.
>
> Some other configuration items, such as plainColumn and different levels of
> queryWithCipherColumn, have nothing to do with the encrypt feature, but
> only to meet the switching of business traffic. Maintaining plainColumn and
> different levels of queryWithCipherColumn has brought great challenges to
> ShardingSphere, resulting in too complicated SQL rewriting logic.
> Currently, encrypt SQL rewriting logic is already very complicated.
>
> In order to improve the maintainability of the encrypt feature, it is time
> to simplify the encrypt configuration and remove plainColumn and
> queryWithCipherColumn. The work of switching business traffic is handed
> over to users themselves, while ShardingSphere focuses on increasing the
> core capabilities of encrypt.
>
> Everyone is welcome to participate in the discussion and express their
> views. Thank you.
>
> For more details, you can also refer github issue -
> https://github.com/apache/shardingsphere/issues/25383.
>
> Best regards,
> Zhengqiang
> ——————————————————————
> Zhengqiang Duan (duanzhengqiang@apache.org)
> Apache ShardingSphere PMC
> GitHub@strongduanmu
>