检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Compared with the PG driver, the GaussDB JDBC driver has the following enhanced features: SHA-256 is supported for encrypted login. The third-party log framework that implements the sf4j API can be connected. Distributed load balancing at the connection level is supported.
- -k, --with-key=KEY Uses gsql to decrypt imported encrypted files.
- -k, --with-key=KEY Uses gsql to decrypt imported encrypted files.
To enable the basic capability of encrypted equality query, change the value to 1.
Default value: postgresql enable_ce Specifies the encrypted equality query capability.
You can run the SHOW command to check whether the parameters are set successfully. enable_ce Encrypted database function. enable_ce=1 indicates that the Go driver supports the basic capability of encrypted equality query.
database. 1 2 3 4 Prerequisites: You have set the parameters and used the CREATE CLIENT MASTER KEY syntax to create a master key named MyCMK1 by referring to "Setting Encrypted Equality Queries" in Feature Guide.
Precautions Currently, you can change only the permissions for tables (including views), sequences, functions, client master keys of encrypted databases, column encryption keys, and types.
Table 3 SQL statements for defining a CMK Function SQL Statement Creating a CMK CREATE CLIENT MASTER KEY Dropping a CMK DROP CLIENT MASTER KEY Defining a Column Encryption Key (CEK) CEKs are used to encrypt data for the encrypted database feature.
CMKs are used to encrypt column encryption keys (CEKs) for the encrypted database feature. CMK definition includes creating and deleting a CMK. For details about related SQL statements, see Table 3.
Connect to an encrypted database. 1 2 3 4 5 6 -- Use the -C parameter to enable the encrypted database function. gsql -p 57101 gaussdb -r -C gaussdb=# CREATE CLIENT MASTER KEY MyCMK1 WITH ( KEY_STORE = xxx, KEY_PATH = xxx, ALGORITHM = AES_256_CBC); CREATE CLIENT MASTER KEY gaussdb
Connect to an encrypted database. 1 2 3 4 5 6 -- Use the -C parameter to enable the encrypted database function. gsql -p 57101 postgres -r -C gaussdb=# CREATE CLIENT MASTER KEY MyCMK1 WITH ( KEY_STORE = xxx , KEY_PATH = xxx , ALGORITHM = AES_256_CBC); CREATE CLIENT MASTER KEY gaussdb
table. 1 2 3 4 5 6 7 8 gaussdb=# SET SESSION AUTHORIZATION newuser PASSWORD '********'; gaussdb=> CREATE TABLE acltest1 (x int, x2 varchar(50) ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = MyCEK1, ENCRYPTION_TYPE = DETERMINISTIC)); CREATE TABLE gaussdb=> SELECT has_cek_privilege('newuser
Precautions Currently, you can change only the permissions for tables (including views), sequences, functions, types, CMKs of encrypted databases, and CEKs.
Compared with the PG driver, the GaussDB JDBC driver has the following enhanced features: SHA-256 is supported for encrypted login. The third-party log framework that implements the sf4j API can be connected. DR failover is supported.
Precautions Currently, you can change only the permissions for tables (including views), sequences, functions, client master keys of encrypted databases, column encryption keys, and types.
COLUMN_ENCRYPTION_KEY = column_encryption_key Specifies the name of the column encryption key in the ENCRYPTED WITH constraint. Value range: a string. It must comply with the Identifier Naming Conventions.
Precautions Currently, you can change only the permissions for tables (including views), sequences, functions, types, client master keys of encrypted databases, and column encryption keys.
Compared with the PG driver, the GaussDB JDBC driver has the following enhanced features: SHA-256 is supported for encrypted login. The third-party log framework that implements the sf4j API can be connected. DR failover is supported.
GaussDB JDBC driver has the following enhanced features: SHA-256 is supported for encrypted login. The third-party log framework that implements the sf4j API can be connected. DR failover is supported.
