检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Emails are encrypted before storage. Access Control Only users having the DBSS System Administrator permission can configure email notifications. Users can view only their own emails.
AK/SK authentication: Requests are encrypted using AK/SK pairs. This method is recommended because it provides higher security than token-based authentication. Access Control DBSS supports access control through IAM permissions.
Reasons for Not Encryptable If the table cannot be encrypted, the system displays the reason why the table cannot be encrypted. Sensitive Data Discovery Time when sensitive data is discovered.
Authorized users can access encrypted data, but unauthorized users cannot access encrypted data. This effectively prevents administrators from accessing the database without authorization and hackers from dragging the database.
Ciphertext fuzzy query Encrypted fuzzy queries can be performed properly without any service adaptation, thereby enhancing service compatibility.
The data table information is plaintext information (data is not encrypted or user authorization is performed after encryption) before masking, as shown in Figure 1.
table INSERT permission of the encrypted table ALTER permission of the encrypted table HighGO pg_catalog.pg_class pg_catalog.pg_index pg_catalog.pg_user pg_catalog.pg_indexes information_schema.columns information_schema.sequences information_schema.tables pg_catalog.pg_sequence
If the data in the data table is encrypted and also masked, the following will occur based on different scenarios: If the user is authorized, the masked data is returned. If the user is not authorized, the ciphertext data which is not masked is returned.
AK/SK authentication: Requests are encrypted using AK/SK pairs. This method is recommended because it provides higher security than token-based authentication. Token-based Authentication The validity period of a token is 24 hours.
After data is encrypted, the data will be changed from Chinese characters, English letters, or numbers to hexadecimal strings. As a result, some SQL statements that can be executed before may fail to be executed after data encryption.
Figure 11 Analysis and suggestions The service test result shows that if the database table is encrypted, the SQL statement running of the service is affected. Therefore, you are not advised to encrypt the database table.
The database to be encrypted and accessed must be in the same region as the purchased instance. Procedure Log in to the management console. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
