Jackhjf commented on issue #4341:
URL: https://github.com/apache/kyuubi/issues/4341#issuecomment-1461174487
> You have a mask rule on the column - name -, which will be masked during
scan operation, so the operations that follow will only get the masked data.
>
> I know it's a bit counterintuitive. But it is correct. Supposing we don't
mask ahead and change your test case to `select id ,name from
iceberg_spark.test_copy a where a.name ='Jackhjf'`. Users get the result
`md5('Jackhjf')`, but everyone knows the datasource contains records for
`Jackhjf`. In such a case, the data is not secured, right?
From this point of view, the data is really not safe.thanks
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
