MySQL企業版裏面的數據屏蔽的功能,在Percona 8.0.17裏面被開源實現了。
具體可以參考下面3篇文檔:
https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/data-masking-installation.html
https://www.percona.com/doc/percona-server/LATEST/security/data-masking.html、
https://www.percona.com/blog/2020/01/06/data-masking-in-percona-server-for-mysql-to-protect-sensitive-data/
我們這裏演示方便起見,用dbdeployer來部署:
dbdeployer unpack --prefix=ps Percona-Server-8.0.18-9-Linux.x86_64.ssl101.tar.gz dbdeployer deploy single ps8.0.18 --bind-address='0.0.0.0' --gtid --init-general-log --enable-genera-log --disable-mysqlx --force
cd /sandboxes/msb_ps8_0_18/
cat my.sandbox.cnf 修改下 client段的user爲root(默認dbdeployer部署的是低權限賬號)
[client] user = root
# 安裝data_masking 插件
./use 登錄進mysql控制檯
mysql [localhost:8018] {root} (test) > INSTALL PLUGIN data_masking SONAME 'data_masking.so';
Query OK, 0 rows affected (0.02 sec)# 演示數據屏障功能
mysql [localhost:8018] {root} (test) > SELECT mask_outer('This is a string', 5, 1); # 前5個和最後1個字符,用掩碼替代
+--------------------------------------+
| mask_outer('This is a string', 5, 1) |
+--------------------------------------+
| XXXXXis a strinX |
+--------------------------------------+
1 row in set (0.00 sec)
mysql [localhost:8018] {root} (test) > SELECT mask_pan_relaxed(gen_rnd_pan());
+---------------------------------+
| mask_pan_relaxed(gen_rnd_pan()) |
+---------------------------------+
| 545151XXXXXX1753 |
+---------------------------------+
1 row in set (0.00 sec)具體還有很多,參考上面的3個連接即可。。