av激情亚洲男人的天堂国语,日韩欧美精品一中文字幕,无码av一区二区三区无码,国产又色又爽又刺激的a片,国产又色又爽又刺激的a片

數(shù)據(jù)庫密態(tài)等值查詢概述及操作

一、密態(tài)等值查詢概述

隨著企業(yè)數(shù)據(jù)上云,數(shù)據(jù)的安全隱私保護面臨越來越嚴重的挑戰(zhàn)。密態(tài)數(shù)據(jù)庫將解決數(shù)據(jù)整個生命周期中的隱私保護問題,涵蓋網(wǎng)絡傳輸、數(shù)據(jù)存儲以及數(shù)據(jù)運行態(tài);更進一步,密態(tài)數(shù)據(jù)庫可以實現(xiàn)云化場景下的數(shù)據(jù)隱私權限分離,即實現(xiàn)數(shù)據(jù)擁有者和實際數(shù)據(jù)管理者的數(shù)據(jù)讀取能力分離。密態(tài)等值查詢將優(yōu)先解決密文數(shù)據(jù)的等值類查詢問題。密態(tài)等值查詢目前支持客戶端工具 gsql 和 JDBC。接下來分別介紹如何使用客戶端工具執(zhí)行密態(tài)等值查詢的相關操作。

創(chuàng)新互聯(lián)公司是一家專業(yè)提供和靜企業(yè)網(wǎng)站建設,專注與做網(wǎng)站、網(wǎng)站設計、H5高端網(wǎng)站建設、小程序制作等業(yè)務。10年已為和靜眾多企業(yè)、政府機構等服務。創(chuàng)新互聯(lián)專業(yè)網(wǎng)站設計公司優(yōu)惠進行中。

二、使用 gsql 操作密態(tài)數(shù)據(jù)庫

操作步驟

以操作系統(tǒng)用戶 omm 登錄主節(jié)點。

執(zhí)行以下命令打開密態(tài)開關,連接密態(tài)數(shù)據(jù)庫。

gsql -p PORT postgres -r -C

這里,PORT需要替換為實際值。

創(chuàng)建客戶端主密鑰 CMK 和列加密密鑰 CEK。

--創(chuàng)建客戶端加密主密鑰(CMK)
openGauss=# CREATE CLIENT MASTER KEY ImgCMK1 WITH (KEY_STORE = localkms, KEY_PATH = "key_path_value1", ALGORITHM = RSA_2048);
openGauss=# CREATE CLIENT MASTER KEY ImgCMK WITH (KEY_STORE = localkms, KEY_PATH = "key_path_value2", ALGORITHM = RSA_2048);
openGauss=# CREATE COLUMN ENCRYPTION KEY ImgCEK1 WITH VALUES (CLIENT_MASTER_KEY = ImgCMK1, ALGORITHM  = AEAD_AES_256_CBC_HMAC_SHA256);
CREATE COLUMN ENCRYPTION KEY
openGauss=# CREATE COLUMN ENCRYPTION KEY ImgCEK WITH VALUES (CLIENT_MASTER_KEY = ImgCMK, ALGORITHM  = AEAD_AES_256_CBC_HMAC_SHA256);
CREATE COLUMN ENCRYPTION KEY

查詢存儲密鑰信息的系統(tǒng)表結果如下:

openGauss=# SELECT * FROM gs_client_global_keys;
 global_key_name | key_namespace | key_owner | key_acl |        create_date
-----------------+---------------+-----------+---------+----------------------------
 imgcmk1         |          2200 |        10 |         | 2021-04-21 11:04:00.656617
 imgcmk          |          2200 |        10 |         | 2021-04-21 11:04:05.389746
(2 rows)
openGauss=# SELECT column_key_name,column_key_distributed_id ,global_key_id,key_owner  FROM gs_column_keys;
 column_key_name | column_key_distributed_id | global_key_id | key_owner
-----------------+---------------------------+---------------+-----------
 imgcek1         |                 760411027 |         16392 |        10
 imgcek          |                3618369306 |         16398 |        10
(2 rows)

創(chuàng)建加密表:

openGauss=# CREATE TABLE creditcard_info (id_number    int, name         text encrypted with (column_encryption_key = ImgCEK, encryption_type = DETERMINISTIC),
credit_card  varchar(19) encrypted with (column_encryption_key = ImgCEK1, encryption_type = DETERMINISTIC));
NOTICE:  The 'DISTRIBUTE BY' clause is not specified. Using 'id_number' as the distribution column by default.
HINT:  Please use 'DISTRIBUTE BY' clause to specify suitable data distribution column.
CREATE TABLE

查詢表的詳細信息如下,Modifiers 值為 encrypted 則表示該列是加密列。

openGauss=# \d creditcard_info
        Table "public.creditcard_info"
   Column    |       Type        | Modifiers
-------------+-------------------+------------
 id_number   | integer           |
 name        | text              |  encrypted
 credit_card | character varying |  encrypted

向加密表插入數(shù)據(jù)并進行等值查詢。

openGauss=# INSERT INTO creditcard_info VALUES (1,'joe','6217986500001288393');
INSERT 0 1
openGauss=# INSERT INTO creditcard_info VALUES (2, 'joy','6219985678349800033');
INSERT 0 1
openGauss=# select * from creditcard_info where name = 'joe';
 id_number | name |     credit_card
-----------+------+---------------------
         1 | joe  | 6217986500001288393
(1 row)
注意:使用非密態(tài)客戶端查看該加密表數(shù)據(jù)時是密文
openGauss=# select id_number,name from creditcard_info;
 id_number |                                                                         name
-----------+------------------------------------------------------------------------------------------------------------------------------------------------------
         1 | \x011aefabd754ded0a536a96664790622487c4d366d313aecd5839e410a46d29cba96a60e4831000000ee79056a114c9a6c041bb552b78052e912a8b730609142074c63791abebd0d38
         2 | \x011aefabd76853108eb406c0f90e7c773b71648fa6e2b8028cf634b49aec65b4fcfb376f3531000000f7471c8686682de215d09aa87113f6fb03884be2031ef4dd967afc6f7901646b
(2 rows)

(可選)對加密表進行 alter 和 update 操作。

openGauss=# ALTER TABLE creditcard_info ADD COLUMN age int ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = ImgCEK, ENCRYPTION_TYPE = DETERMINISTIC);
ALTER TABLE
openGauss=# \d creditcard_info
        Table "public.creditcard_info"
   Column    |       Type        | Modifiers
-------------+-------------------+------------
 id_number   | integer           |
 name        | text              |  encrypted
 credit_card | character varying |  encrypted
 age         | integer           |  encrypted
openGauss=# ALTER TABLE creditcard_info DROP COLUMN age;
ALTER TABLE
openGauss=# update creditcard_info set credit_card = '80000000011111111' where name = 'joy';
UPDATE 1
openGauss=# select * from creditcard_info  where name = 'joy';
 id_number | name |    credit_card
-----------+------+-------------------
         2 | joy  | 80000000011111111
(1 row)

三、使用 JDBC 操作密態(tài)數(shù)據(jù)庫

連接密態(tài)數(shù)據(jù)庫

連接密態(tài)數(shù)據(jù)庫需要使用驅動包 gsjdbc4.jar,具體 JDBC 連接參數(shù)參考基于 JDBC 開發(fā)章節(jié)介紹。JDBC 支持密態(tài)數(shù)據(jù)庫相關操作,需要設置

enable_ce=1,示例如下:

public static Connection getConnect(String username, String passwd)
    {
        //驅動類。
        String driver = "org.postgresql.Driver";
        //數(shù)據(jù)庫連接描述符。
        String sourceURL = "jdbc:postgresql://10.10.0.13:8000/postgres?enable_ce=1";
        Connection conn = null;
        
        try
        {
            //加載驅動。
            Class.forName(driver);
        }
        catch( Exception e )
        {
            e.printStackTrace();
            return null;
        }
        
        try
        {
             //創(chuàng)建連接。
            conn = DriverManager.getConnection(sourceURL, username, passwd);
            System.out.println("Connection succeed!");
        }
        catch(Exception e)
        {
            e.printStackTrace();
            return null;
        }
        
        return conn;
    };

說明:

  • 【建議】使用 JDBC 操作密態(tài)數(shù)據(jù)庫時,一個數(shù)據(jù)庫連接對象對應一個線程,否則,不同線程變更可能導致沖突。
  • 【建議】使用 JDBC 操作密態(tài)數(shù)據(jù)庫時,不同 connection 對密態(tài)配置數(shù)據(jù)有變更,由客戶端調(diào)用 isvalid 方法保證連接
    能夠持有變更后的密態(tài)配置數(shù)據(jù),此時需要保證參數(shù) refreshClientEncryption 為 1 (默認值為 1),在單客戶端操作密態(tài)數(shù)據(jù)場景下,refreshClientEncryption 參數(shù)可以設置為 0。

調(diào)用 isValid 方法刷新緩存示例

// 創(chuàng)建客戶端主密鑰
Connection conn1 = DriverManager.getConnection("url","user","password");

// conn1通過調(diào)用isValid刷新緩存
try {
 if (!conn1.getConnection().isValid(60)) {
  conn1.getFileWriter().writeLine("isValid Failed for connection 1");
 }
} catch (SQLException e) {
 conn1.getFileWriter().writeLine("isValid Failed with error");
 e.printStackTrace();
}

執(zhí)行密態(tài)等值查詢相關的創(chuàng)建密鑰語句

// 創(chuàng)建客戶端主密鑰
Connection conn = DriverManager.getConnection("url","user","password");
Statement stmt = conn.createStatement();
int rc = stmt.executeUpdate("CREATE CLIENT MASTER KEY ImgCMK1 WITH ( KEY_STORE = gs_ktool, KEY_PATH = \"gs_ktool/1\", ALGORITHM = AES_256_CBC;"); 
int rc = stmt.executeUpdate("CREATE CLIENT MASTER KEY ImgCMK1 WITH ( KEY_STORE = localkms, KEY_PATH = \"key_path_value\" , ALGORITHM = RSA_2048);

說明: 創(chuàng)建密鑰之前需要使用 gs_ktool 工具提前生成密鑰,才能創(chuàng)建 CMK 成功。

// 創(chuàng)建列加密密鑰
int rc2 = stmt.executeUpdate("CREATE COLUMN ENCRYPTION KEY ImgCEK1 WITH VALUES (CLIENT_MASTER_KEY = ImgCMK1, ALGORITHM  = AEAD_AES_256_CBC_HMAC_SHA256);");

執(zhí)行密態(tài)等值查詢相關的創(chuàng)建加密表的語句

int rc3 = stmt.executeUpdate("CREATE TABLE creditcard_info (id_number    int, name  varchar(50) encrypted with (column_encryption_key = ImgCEK1, encryption_type = DETERMINISTIC),credit_card  varchar(19) encrypted with (column_encryption_key = ImgCEK1, encryption_type = DETERMINISTIC));");
// 插入數(shù)據(jù)
int rc4 = stmt.executeUpdate("INSERT INTO creditcard_info VALUES (1,'joe','6217986500001288393');");
// 查詢加密表
ResultSet rs = null;
rs = stmt.executeQuery("select * from creditcard_info where name = 'joe';");
// 關閉語句對象
stmt.close();

執(zhí)行加密表的預編譯 SQL 語句

// 調(diào)用Connection的prepareStatement方法創(chuàng)建預編譯語句對象。
PreparedStatement pstmt = con.prepareStatement("INSERT INTO creditcard_info VALUES (?, ?, ?);");
// 調(diào)用PreparedStatement的setShort設置參數(shù)。
pstmt.setInt(1, 2);
pstmt.setString(2, "joy");
pstmt.setString(3, "6219985678349800033");
// 調(diào)用PreparedStatement的executeUpdate方法執(zhí)行預編譯SQL語句。
int rowcount = pstmt.executeUpdate();
// 調(diào)用PreparedStatement的close方法關閉預編譯語句對象。
pstmt.close();

執(zhí)行加密表的批處理操作

// 調(diào)用Connection的prepareStatement方法創(chuàng)建預編譯語句對象。
Connection conn = DriverManager.getConnection("url","user","password");
PreparedStatement pstmt = conn.prepareStatement("INSERT INTO batch_table (id, name, address) VALUES (?,?,?)");
// 針對每條數(shù)據(jù)都要調(diào)用setShort設置參數(shù),以及調(diào)用addBatch確認該條設置完畢。
int loopCount = 20;
 for (int i = 1; i < loopCount + 1; ++i) {
      statemnet.setInt(1, i);
      statemnet.setString(2, "Name " + i);
      statemnet.setString(3, "Address " + i);
      // Add row to the batch.
      statemnet.addBatch();
}
// 調(diào)用PreparedStatement的executeBatch方法執(zhí)行批處理。
int[] rowcount = pstmt.executeBatch();
// 調(diào)用PreparedStatement的close方法關閉預編譯語句對象。
pstmt.close();

分享名稱:數(shù)據(jù)庫密態(tài)等值查詢概述及操作
文章地址:http://uogjgqi.cn/article/dpcgdhc.html
掃二維碼與項目經(jīng)理溝通

我們在微信上24小時期待你的聲音

解答本文疑問/技術咨詢/運營咨詢/技術建議/互聯(lián)網(wǎng)交流