Thank you very much for your reply. This week, I will simplify the Encrypt API.
Best regards, Zhengqiang —————————————————————— Zhengqiang Duan ([email protected]) Apache ShardingSphere PMC GitHub@strongduanmu Longtao Jiang <[email protected]> 于2023年5月4日周四 13:59写道: > +1, Preserving the plaintext while preserving the ciphertext is indeed > against the security norm. > > —————————————————————— > Longtao Jiang > Apache ShardingSphere Committer > GitHub@RaigorJiang > > > On 2023/04/28 03:25:39 Zhengqiang Duan wrote: > > Hi community, > > > > Currently, ShardingSphere encrypt rule contains many configuration items, > > the complete configuration items are as follows. > > > > rules: > > - !ENCRYPT > > tables: > > <table_name> (+): # Encrypt table name > > columns: > > <column_name> (+): # Encrypt logic column name > > plainColumn (?): # Plain column name > > cipherColumn: # Cipher column name > > encryptorName: # Cipher encrypt algorithm name > > assistedQueryColumn (?): # Assisted query column name > > assistedQueryEncryptorName: # Assisted query encrypt algorithm > > name > > likeQueryColumn (?): # Like query column name > > likeQueryEncryptorName: # Like query encrypt algorithm name > > queryWithCipherColumn(?): # The current table whether query with > > cipher column for data encrypt. > > > > # Encrypt algorithm configuration > > encryptors: > > <encrypt_algorithm_name> (+): # Encrypt algorithm name > > type: # Encrypt algorithm type > > props: # Encrypt algorithm properties > > # ... > > > > queryWithCipherColumn: # Whether query with cipher column for data > > encrypt. User you can use plaintext to query if have > > Some of configuration items are necessary for encrypt feature, such as: > > cipherColumn, encryptorName, assistedQueryColumn, > > assistedQueryEncryptorName, likeQueryColumn and likeQueryEncryptorName. > > These configuration items allow users to configure encrypt columns and > > encrypt algorithms. > > > > Some other configuration items, such as plainColumn and different levels > of > > queryWithCipherColumn, have nothing to do with the encrypt feature, but > > only to meet the switching of business traffic. Maintaining plainColumn > and > > different levels of queryWithCipherColumn has brought great challenges to > > ShardingSphere, resulting in too complicated SQL rewriting logic. > > Currently, encrypt SQL rewriting logic is already very complicated. > > > > In order to improve the maintainability of the encrypt feature, it is > time > > to simplify the encrypt configuration and remove plainColumn and > > queryWithCipherColumn. The work of switching business traffic is handed > > over to users themselves, while ShardingSphere focuses on increasing the > > core capabilities of encrypt. > > > > Everyone is welcome to participate in the discussion and express their > > views. Thank you. > > > > For more details, you can also refer github issue - > > https://github.com/apache/shardingsphere/issues/25383. > > > > Best regards, > > Zhengqiang > > —————————————————————— > > Zhengqiang Duan ([email protected]) > > Apache ShardingSphere PMC > > GitHub@strongduanmu > > >
