Typical Configuration of the Decryption Function If services change after database assets are encrypted and the assets no longer need to be encrypted, restore the database table by using the decryption function and the table structure rollback function.
Figure 13 Encrypted data
The query result is encrypted data, as shown in Figure 5. Figure 5 Encrypted data
Prerequisites The table to be decrypted has been encrypted in the encryption task, that is, Configuring an Encryption Task has been completed. Procedure Log in to a database encryption and access control instance as the sysadmin user.
In the list, view the list of encrypted tables. You can search for the target encrypted table by schema and table name. Locate the target encrypted table and click Edit Non-encrypted Column. In the displayed page, click Add Column.
Authorized users can access encrypted data, but unauthorized users cannot. This effectively prevents administrators from accessing the database without authorization and attackers from dumping the database.
Ciphertext fuzzy query Encrypted fuzzy queries can be performed properly without any service adaptation, thereby enhancing service compatibility.
The data table information is plaintext information (data is not encrypted or user authorization is performed after encryption) before masking, as shown in Figure 1.
/Recommended Maximum Encrypted Columns Number of encrypted columns and the allowed maximum Number of Columns Masked/Recommended Maximum Masked Columns Maximum number of masked columns and the current number of masked columns Bypass Plugin Count Allowed number of bypass services Parent
A user whose IP address is 192.168.0.105 can only view encrypted data when accessing the database with non-WordPress in proxy mode. A user whose IP address is 192.168.3.105 can only view encrypted data when accessing the database with WordPress in proxy mode.
AK/SK authentication: Requests are encrypted using AK/SK pairs. This method is recommended because it provides higher security than token-based authentication. Access Control DBSS supports access control through IAM permissions.
Reasons for Not Encryptable If the table cannot be encrypted, the system displays the reason why the table cannot be encrypted. Sensitive Data Discovery Time when sensitive data is discovered.
It is encrypted by RK for storage. Data encryption key (DEK): Generated during initialization when an encryption task is added. It is encrypted by DSK for storage. Procedure Log in to database encryption and access control.
Sensitive Data Discovery Scanning Sensitive Data in Assets Viewing the Execution Result of a Scan Task Creating an Encrypted Task in the Result Creating a Masking Rule in the Result Adding a User-Defined Data Type Adding an Industry Template
table INSERT permission of the encrypted table ALTER permission of the encrypted table HighGO pg_catalog.pg_class pg_catalog.pg_index pg_catalog.pg_user pg_catalog.pg_indexes information_schema.columns information_schema.sequences information_schema.tables pg_catalog.pg_sequence
Figure 3 Encryption task After the encryption is complete, only encrypted data can be queried by unauthorized users. Figure 4 Encrypted data Related Operations In the task list, you can manage encrypted tasks.
If the data in the data table is both encrypted and masked, the result depends on the user's authorization: If the user is authorized, the masked data is returned. If the user is not authorized, the unmasked ciphertext is returned.
Configuring a Decryption Task If the database does not need to be encrypted, you can configure a decryption task. After decryption is configured, the information in the corresponding database column changes to the plaintext data.
Emails are encrypted before storage. Access Control Only users having the DBSS System Administrator permission can configure email notifications. Users can view only their own emails.