tristaZero commented on a change in pull request #101: Sharding-JDBC manual modification URL: https://github.com/apache/incubator-shardingsphere-doc/pull/101#discussion_r267265012
########## File path: document/current/content/features/orchestration/encrypt.en.md ########## 
@@ -1,15 +1,42 @@ +++ pre = "<b>3.3.5. </b>" toc = true -title = "Data Masking" +title = "Data Desensitization" weight = 5 + +++ ## Background -TODO -## Solutions +Security control has always been a crucial link of data orchestration; data desensitization falls into this category. For both Internet enterprises and traditional sectors, data security has always been a highly focused and sensitive topic. Data desensitization refers to transforming some sensitive information through desensitization rules to safely protect the private data. Data that involves client security or business sensibility, such as ID number, phone number, card number, client number and other personal information, is required of data desensitization according to relevant regulations. + +Because of that, ShardingSphere has provided the function of data desensitization, which stores users' sensitive information in the database after encryption. When users search for them, they will be decrypted and returned to users as the original data. It has the encryption and decryption processes totally transparent to users, who can store desensitized data and acquire original data without any awareness. In addition, ShardingSphere has provided internal desensitization algorithm, which can directly used by users. In the same time, we have also provided desensitization algorithm related interfaces, which can be implemented by users themselves. Then, after simple configurations, ShardingSphere can use algorithms provided by users to perform encryption, decryption and desensitization operations. + +## Solution + +ShardingSphere has provided two data desensitization solutions, corresponding to two ShardingSphere encryption and decryption interfaces, i.e., `ShardingEncryptor` and `ShardingQueryAssistedEncryptor`. + +On the one hand, ShardingSphere has provided internal encryption and decryption implementations for users, which can be used by them only after configuration. 
On the other hand, to satisfy users' requirements for different scenarios, we have also opened relevant encryption and decryption interfaces, according to which users can provide specific implementation types. Then, after simple configurations, ShardingSphere can use encryption and decryption solutions defined by users themselves to desensitize data. ### ShardingEncryptor +The solution has provided two methods, `encrypt()` and `decrypt()`, to encrypt and decrypt data to be desensitized. + +When users perform `INSERT`, `DELETE` and `UPDATE` operations, ShardingSphere will parse, rewrite and route SQL. It will also use `encrypt()` to encrypt data and store them in the database. When using `SELECT`, they will reversely decrypt sensitive data from the database with `decrypt()` and return them to users at last. +Currently, ShardingSphere has provided two implementation types for this kind of desensitization solution, MD5 (irreversible) and AES (reversible), which can be used only after users' configuration.

Review comment:

`Currently, ShardingSphere has provided two implementation types` ---> `Currently, ShardingSphere has provided two implementations`

`MD5 (irreversible) and AES (reversible)` ---> `MD5 (Digital Fingerprint) and AES (Symmetric Cryptography)`

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at: [email protected]

With regards,
Apache Git Services
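Review bot: Under `### ShardingEncryptor`, the last added line lists "MD5 (irreversible)" as an implementation, but the paragraph just before it says `SELECT` results are passed through `decrypt()` and returned to users, and the Background section promises they come back "as the original data". Those statements cannot both hold for MD5, so the text should say what `decrypt()` returns for an MD5 column (presumably the stored digest) and limit the "original data" promise to AES. The Background also names ID numbers, phone numbers and card numbers as the target data; these are low-entropy values, and a plain MD5 digest of them can be recovered by enumerating the input space, so the doc should state whether a salt or key is applied and point readers to AES for fields that need real confidentiality. For AES the section does not say where the key is configured or how it is protected, which is worth one sentence or a link. Minor wording in the Background: "which can directly used by users" is missing "be", and "In the same time" should read "At the same time".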
