Ordinary user data is stored in the database. The database files are binary and cannot be read by simply opening them as plain text, but anyone, even a layman, who connects directly to MySQL can view the data directly.
So for core data, especially business-critical data assets, transparent encryption is usually added as a safeguard, so that people who have no need to see important information cannot read it directly.
In Oracle there is a dedicated transparent encryption module called Oracle Key Manager; anyone interested can go and look it up.
As we all know, MySQL is very widely used on the Internet. Its performance is genuinely good, but being free is also an important reason. Free, however, means that some important business features get little attention. If a feature is missing there is not much you can say, since Oracle also offers a commercial edition.
So MySQL has no transparent encryption. Nonetheless, MySQL has basic encryption and decryption functions, as well as stored functions and triggers. However harsh the environment, if you want something there is always a way to achieve it; the people are the creators of history.
---- Dividing line ----
First, to avoid exposing the encryption/decryption key directly, let's create a table to hold the key value.
```sql
-- Table that stores the encryption/decryption key, with one key value prepared in advance
CREATE TABLE tkey (keyname VARCHAR(100));
INSERT INTO tkey VALUES ('sequoiadb');
```
Create a test table first, so that creating the triggers later does not fail.
```sql
-- Test table, used to verify the encryption and decryption
DROP TABLE IF EXISTS test;
CREATE TABLE test (id INT, name VARCHAR(100));
```
Create the insert and update triggers. They encrypt only the test.name field before it is stored; the test.id field is not processed. For anything more complex you would need to wrap a configuration layer around this in the business logic; this post only describes how to implement the basic idea.
```sql
-- INSERT trigger: encrypts only the test.name field before it is stored
DROP TRIGGER IF EXISTS t_insert;
DELIMITER ;;
CREATE TRIGGER t_insert BEFORE INSERT ON test FOR EACH ROW
BEGIN
    SELECT keyname INTO @key_name FROM tkey LIMIT 1;
    SET NEW.name = HEX(AES_ENCRYPT(NEW.name, @key_name));
END ;;
DELIMITER ;

-- UPDATE trigger: encrypts only updates to the test.name field
DROP TRIGGER IF EXISTS t_update;
DELIMITER ;;
CREATE TRIGGER t_update BEFORE UPDATE ON test FOR EACH ROW
BEGIN
    -- Skip rows whose name is unchanged (for example an update of id only);
    -- otherwise the stored ciphertext would be encrypted a second time.
    IF NOT (NEW.name <=> OLD.name) THEN
        SELECT keyname INTO @key_name FROM tkey LIMIT 1;
        SET NEW.name = HEX(AES_ENCRYPT(NEW.name, @key_name));
    END IF;
END ;;
DELIMITER ;
```
Create a decryption function, mainly to make queries friendlier.
```sql
-- Decryption function
DROP FUNCTION IF EXISTS decrypt;
DELIMITER ;;
CREATE FUNCTION decrypt(col VARCHAR(100)) RETURNS VARCHAR(100)
DETERMINISTIC
BEGIN
    SELECT keyname INTO @key_name FROM tkey LIMIT 1;
    RETURN AES_DECRYPT(UNHEX(col), @key_name);
END ;;
DELIMITER ;
```
With that, transparent encryption and decryption in MySQL is basically configured. Now let's verify it.
```sql
-- Verification SQL: compare a plain query with a decrypting query
-- to see whether the data was encrypted automatically
TRUNCATE TABLE test;
INSERT INTO test VALUES (1, 'SDB');
INSERT INTO test VALUES (2, 'sequoiadb');

-- Plain query: the result is garbled ciphertext
SELECT * FROM test;

-- Decrypting query: returns the expected results
SELECT id, decrypt(name) FROM test;

UPDATE test SET name = 'jushan' WHERE id = 1;

-- Decrypting query
SELECT id, decrypt(name) FROM test WHERE id = 1;
```
A screenshot of my own test results:
That's all for today.
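Returning to the goal of not exposing the key: a hardened variant of the decrypt function and insert trigger, as an added example that is not the author's code. It reads the key into a local variable, because a user variable such as @key_name stays set in the session after the trigger runs and can be read back with SELECT @key_name. It also gives an application account access to test and decrypt but not to tkey. The schema name appdb, the account app_user and the password placeholder are assumptions.

```sql
-- Added example. Assumed names: schema appdb, account app_user.
-- Run as the administrative account that owns tkey; it becomes the DEFINER
-- of the function and the trigger.
DROP FUNCTION IF EXISTS decrypt;
DROP TRIGGER IF EXISTS t_insert;

DELIMITER ;;
CREATE FUNCTION decrypt(col VARCHAR(100)) RETURNS VARCHAR(100)
    READS SQL DATA
    SQL SECURITY DEFINER      -- runs with the definer's rights, not the caller's
BEGIN
    DECLARE k VARCHAR(100);   -- local variable: discarded when the function returns
    SELECT keyname INTO k FROM tkey LIMIT 1;
    RETURN AES_DECRYPT(UNHEX(col), k);
END ;;

-- Triggers always execute with their definer's privileges
CREATE TRIGGER t_insert BEFORE INSERT ON test FOR EACH ROW
BEGIN
    DECLARE k VARCHAR(100);
    SELECT keyname INTO k FROM tkey LIMIT 1;
    SET NEW.name = HEX(AES_ENCRYPT(NEW.name, k));
END ;;
DELIMITER ;
-- t_update needs the same local-variable change.

-- Application account: may use the table and the function, has no grant on tkey
CREATE USER IF NOT EXISTS 'app_user'@'localhost'
    IDENTIFIED BY '<placeholder-password>';
GRANT SELECT, INSERT, UPDATE ON appdb.test TO 'app_user'@'localhost';
GRANT EXECUTE ON FUNCTION appdb.decrypt TO 'app_user'@'localhost';

-- Checks to run in a fresh session logged in as app_user:
INSERT INTO test VALUES (3, 'check');
-- 1. The key must not be left behind in a session variable
SELECT @key_name;
-- 2. Reading the key table directly must be refused for this account
SELECT * FROM tkey;
-- 3. Decryption through the function must still work
SELECT id, decrypt(name) FROM test WHERE id = 3;
```

app_user can still decrypt every row through decrypt(); the grants only keep the key value itself out of reach of that account.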