kimmking commented on a change in pull request #5387:
URL: https://github.com/apache/shardingsphere/pull/5387#discussion_r417938168
##########
File path: docs/document/content/features/orchestration/encrypt.en.md
##########
@@ -12,6 +12,196 @@ Because of that, ShardingSphere has provided data masking,
which stores users' s
ShardingSphere has made the encryption and decryption processes totally
transparent to users, who can store desensitized data and acquire original data
without any awareness. In addition, ShardingSphere has provided internal
masking algorithms, which can be directly used by users. In the same time, we
have also provided masking algorithm related interfaces, which can be
implemented by users themselves. After simple configurations, ShardingSphere
can use algorithms provided by users to perform encryption, decryption and
masking.
+## Preface
+
+Apache ShardingSphere is an ecosystem of open source distributed database
middleware solutions. It consists of Sharding-JDBC, Sharding-Proxy, and
Sharding-Sidecar (in planning) which are independent of each other, but can be
used in mixed deployment. All of these can provide standardized data sharding,
distributed transactions, and distributed governance functions, and can be
applied to various situation such as Java homogeneous, heterogeneous languages,
containers, cloud native, and so on.
+
+The data encryption module belongs to the sub-function module under the core
function of ShardingSphere distributed governance. It parses the SQL input by
the user and rewrites the SQL according to the encryption configuration
provided by the user, thereby encrypting the original data and storing the
original data and store the original data (optional) and cipher data to
database at the same time. When the user queries the data, it takes the cipher
data from the database and decrypts it, and finally returns the decrypted
original data to the user. Apache ShardingSphere distributed database
middleware automates and transparentizes the process of data encryption, so
that users do not need to pay attention to the details of data decryption and
use decrypted data like ordinary data. In addition, ShardingSphere can provide
a relatively complete set of solutions for the encryption of online services or
the encryption function of new services.
+
+## Demand Analysis
+
+The demand for data encryption is generally divided into two situations in
real business scenarios:
+
+1. When the new business start to launch, and the security department
stipulates that the sensitive information related to users, such as banks and
mobile phone numbers, should be encrypted and stored in the database, and then
decrypted when used. Because it is a brand new system, there is no inventory
data cleaning problem, so the implementation is relatively simple.
+
+2. For the service has been launched, and plaintext has been stored in the
database before. The relevant department suddenly needs to encrypt the data
from the on-line business. This scenario generally needs to deal with three
issues as followings:
+__
+ a) How to encrypt the historical data, a.k.a.s wash number.
+
+ b) How to encrypt the newly added data and store it in the database without
changing the business SQL and logic; then decrypt the taken out data when use
it.
+
+ c) How to securely, seamlessly and transparently migrate business systems
between plaintext and ciphertext data
Review comment:
migrate plaintext and ciphertext data between business systems
##########
File path: docs/document/content/features/orchestration/encrypt.en.md
##########
@@ -12,6 +12,196 @@ Because of that, ShardingSphere has provided data masking,
which stores users' s
ShardingSphere has made the encryption and decryption processes totally
transparent to users, who can store desensitized data and acquire original data
without any awareness. In addition, ShardingSphere has provided internal
masking algorithms, which can be directly used by users. In the same time, we
have also provided masking algorithm related interfaces, which can be
implemented by users themselves. After simple configurations, ShardingSphere
can use algorithms provided by users to perform encryption, decryption and
masking.
+## Preface
+
+Apache ShardingSphere is an ecosystem of open source distributed database
middleware solutions. It consists of Sharding-JDBC, Sharding-Proxy, and
Sharding-Sidecar (in planning) which are independent of each other, but can be
used in mixed deployment. All of these can provide standardized data sharding,
distributed transactions, and distributed governance functions, and can be
applied to various situation such as Java homogeneous, heterogeneous languages,
containers, cloud native, and so on.
+
+The data encryption module belongs to the sub-function module under the core
function of ShardingSphere distributed governance. It parses the SQL input by
the user and rewrites the SQL according to the encryption configuration
provided by the user, thereby encrypting the original data and storing the
original data and store the original data (optional) and cipher data to
database at the same time. When the user queries the data, it takes the cipher
data from the database and decrypts it, and finally returns the decrypted
original data to the user. Apache ShardingSphere distributed database
middleware automates and transparentizes the process of data encryption, so
that users do not need to pay attention to the details of data decryption and
use decrypted data like ordinary data. In addition, ShardingSphere can provide
a relatively complete set of solutions for the encryption of online services or
the encryption function of new services.
+
+## Demand Analysis
+
+The demand for data encryption is generally divided into two situations in
real business scenarios:
+
+1. When the new business start to launch, and the security department
stipulates that the sensitive information related to users, such as banks and
mobile phone numbers, should be encrypted and stored in the database, and then
decrypted when used. Because it is a brand new system, there is no inventory
data cleaning problem, so the implementation is relatively simple.
+
+2. For the service has been launched, and plaintext has been stored in the
database before. The relevant department suddenly needs to encrypt the data
from the on-line business. This scenario generally needs to deal with three
issues as followings:
+__
Review comment:
a redundant underscore here
##########
File path: docs/document/content/features/orchestration/encrypt.en.md
##########
@@ -12,6 +12,196 @@ Because of that, ShardingSphere has provided data masking,
which stores users' s
ShardingSphere has made the encryption and decryption processes totally
transparent to users, who can store desensitized data and acquire original data
without any awareness. In addition, ShardingSphere has provided internal
masking algorithms, which can be directly used by users. In the same time, we
have also provided masking algorithm related interfaces, which can be
implemented by users themselves. After simple configurations, ShardingSphere
can use algorithms provided by users to perform encryption, decryption and
masking.
+## Preface
+
+Apache ShardingSphere is an ecosystem of open source distributed database
middleware solutions. It consists of Sharding-JDBC, Sharding-Proxy, and
Sharding-Sidecar (in planning) which are independent of each other, but can be
used in mixed deployment. All of these can provide standardized data sharding,
distributed transactions, and distributed governance functions, and can be
applied to various situation such as Java homogeneous, heterogeneous languages,
containers, cloud native, and so on.
+
+The data encryption module belongs to the sub-function module under the core
function of ShardingSphere distributed governance. It parses the SQL input by
the user and rewrites the SQL according to the encryption configuration
provided by the user, thereby encrypting the original data and storing the
original data and store the original data (optional) and cipher data to
database at the same time. When the user queries the data, it takes the cipher
data from the database and decrypts it, and finally returns the decrypted
original data to the user. Apache ShardingSphere distributed database
middleware automates and transparentizes the process of data encryption, so
that users do not need to pay attention to the details of data decryption and
use decrypted data like ordinary data. In addition, ShardingSphere can provide
a relatively complete set of solutions for the encryption of online services or
the encryption function of new services.
+
+## Demand Analysis
+
+The demand for data encryption is generally divided into two situations in
real business scenarios:
+
+1. When the new business start to launch, and the security department
stipulates that the sensitive information related to users, such as banks and
mobile phone numbers, should be encrypted and stored in the database, and then
decrypted when used. Because it is a brand new system, there is no inventory
data cleaning problem, so the implementation is relatively simple.
+
+2. For the service has been launched, and plaintext has been stored in the
database before. The relevant department suddenly needs to encrypt the data
from the on-line business. This scenario generally needs to deal with three
issues as followings:
+__
+ a) How to encrypt the historical data, a.k.a.s wash number.
Review comment:
wash number should be clean data
##########
File path: docs/document/content/features/orchestration/encrypt.en.md
##########
@@ -12,6 +12,196 @@ Because of that, ShardingSphere has provided data masking,
which stores users' s
ShardingSphere has made the encryption and decryption processes totally
transparent to users, who can store desensitized data and acquire original data
without any awareness. In addition, ShardingSphere has provided internal
masking algorithms, which can be directly used by users. In the same time, we
have also provided masking algorithm related interfaces, which can be
implemented by users themselves. After simple configurations, ShardingSphere
can use algorithms provided by users to perform encryption, decryption and
masking.
+## Preface
+
+Apache ShardingSphere is an ecosystem of open source distributed database
middleware solutions. It consists of Sharding-JDBC, Sharding-Proxy, and
Sharding-Sidecar (in planning) which are independent of each other, but can be
used in mixed deployment. All of these can provide standardized data sharding,
distributed transactions, and distributed governance functions, and can be
applied to various situation such as Java homogeneous, heterogeneous languages,
containers, cloud native, and so on.
+
+The data encryption module belongs to the sub-function module under the core
function of ShardingSphere distributed governance. It parses the SQL input by
the user and rewrites the SQL according to the encryption configuration
provided by the user, thereby encrypting the original data and storing the
original data and store the original data (optional) and cipher data to
database at the same time. When the user queries the data, it takes the cipher
data from the database and decrypts it, and finally returns the decrypted
original data to the user. Apache ShardingSphere distributed database
middleware automates and transparentizes the process of data encryption, so
that users do not need to pay attention to the details of data decryption and
use decrypted data like ordinary data. In addition, ShardingSphere can provide
a relatively complete set of solutions for the encryption of online services or
the encryption function of new services.
+
+## Demand Analysis
+
+The demand for data encryption is generally divided into two situations in
real business scenarios:
+
+1. When the new business start to launch, and the security department
stipulates that the sensitive information related to users, such as banks and
mobile phone numbers, should be encrypted and stored in the database, and then
decrypted when used. Because it is a brand new system, there is no inventory
data cleaning problem, so the implementation is relatively simple.
+
+2. For the service has been launched, and plaintext has been stored in the
database before. The relevant department suddenly needs to encrypt the data
from the on-line business. This scenario generally needs to deal with three
issues as followings:
+__
+ a) How to encrypt the historical data, a.k.a.s wash number.
+
+ b) How to encrypt the newly added data and store it in the database without
changing the business SQL and logic; then decrypt the taken out data when use
it.
+
+ c) How to securely, seamlessly and transparently migrate business systems
between plaintext and ciphertext data
+
+## Detailed Process
+
+### Overall Architecture
+
+Encrypt-JDBC provided by ShardingSphere are deployed with business code.
Business parties need to perform JDBC programming for Encrypt-JDBC. Since
Encrypt-JDBC implements all JDBC standard interfaces, business codes can be
used without additional modification. At this time, Encrypt-JDBC is responsible
for all interactions between the business code and the database. Business only
needs to provide encryption rules. ** As a bridge between the business code and
the underlying database, Encrypt-JDBC can intercept user behavior and interact
with the database after transforming the user behavior. **
Review comment:
business codes
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
