[Discussion] Consider removing business related plainColumn and queryWithCipherColumn in encrypt rule

Thu, 27 Apr 2023 20:25:56 -0700 

Hi community,

Currently, ShardingSphere encrypt rule contains many configuration items,
the complete configuration items are as follows.

rules:
- !ENCRYPT
  tables:
    <table_name> (+): # Encrypt table name
      columns:
        <column_name> (+): # Encrypt logic column name
          plainColumn (?): # Plain column name
          cipherColumn: # Cipher column name
          encryptorName: # Cipher encrypt algorithm name
          assistedQueryColumn (?):  # Assisted query column name
          assistedQueryEncryptorName:  # Assisted query encrypt algorithm
name
          likeQueryColumn (?):  # Like query column name
          likeQueryEncryptorName:  # Like query encrypt algorithm name
      queryWithCipherColumn(?): # The current table whether query with
cipher column for data encrypt.

  # Encrypt algorithm configuration
  encryptors:
    <encrypt_algorithm_name> (+): # Encrypt algorithm name
      type: # Encrypt algorithm type
      props: # Encrypt algorithm properties
        # ...

  queryWithCipherColumn: # Whether query with cipher column for data
encrypt. User you can use plaintext to query if have
Some of configuration items are necessary for encrypt feature, such as:
cipherColumn, encryptorName, assistedQueryColumn,
assistedQueryEncryptorName, likeQueryColumn and likeQueryEncryptorName.
These configuration items allow users to configure encrypt columns and
encrypt algorithms.

Some other configuration items, such as plainColumn and different levels of
queryWithCipherColumn, have nothing to do with the encrypt feature, but
only to meet the switching of business traffic. Maintaining plainColumn and
different levels of queryWithCipherColumn has brought great challenges to
ShardingSphere, resulting in too complicated SQL rewriting logic.
Currently, encrypt SQL rewriting logic is already very complicated.

In order to improve the maintainability of the encrypt feature, it is time
to simplify the encrypt configuration and remove plainColumn and
queryWithCipherColumn. The work of switching business traffic is handed
over to users themselves, while ShardingSphere focuses on increasing the
core capabilities of encrypt.

Everyone is welcome to participate in the discussion and express their
views. Thank you.

For more details, you can also refer github issue -
https://github.com/apache/shardingsphere/issues/25383.

Best regards,
Zhengqiang
——————————————————————
Zhengqiang Duan (duanzhengqi...@apache.org)
Apache ShardingSphere PMC
GitHub@strongduanmu

Reply via email to