MySQL企業版裏面的數據屏蔽的功能,在Percona 8.0.17裏面被開源實現了。
具體可以參考下面3篇文檔:
https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/data-masking-installation.html
https://www.percona.com/doc/percona-server/LATEST/security/data-masking.html、
https://www.percona.com/blog/2020/01/06/data-masking-in-percona-server-for-mysql-to-protect-sensitive-data/
我們這裏演示方便起見,用dbdeployer來部署:
dbdeployer unpack --prefix=ps Percona-Server-8.0.18-9-Linux.x86_64.ssl101.tar.gz dbdeployer deploy single ps8.0.18 --bind-address='0.0.0.0' --gtid --init-general-log --enable-genera-log --disable-mysqlx --force
cd /sandboxes/msb_ps8_0_18/
cat my.sandbox.cnf 修改下 client段的user爲root(默認dbdeployer部署的是低權限賬號)
[client] user = root
# 安裝data_masking 插件
./use 登錄進mysql控制檯 mysql [localhost:8018] {root} (test) > INSTALL PLUGIN data_masking SONAME 'data_masking.so'; Query OK, 0 rows affected (0.02 sec)
# 演示數據屏障功能
mysql [localhost:8018] {root} (test) > SELECT mask_outer('This is a string', 5, 1); # 前5個和最後1個字符,用掩碼替代 +--------------------------------------+ | mask_outer('This is a string', 5, 1) | +--------------------------------------+ | XXXXXis a strinX | +--------------------------------------+ 1 row in set (0.00 sec) mysql [localhost:8018] {root} (test) > SELECT mask_pan_relaxed(gen_rnd_pan()); +---------------------------------+ | mask_pan_relaxed(gen_rnd_pan()) | +---------------------------------+ | 545151XXXXXX1753 | +---------------------------------+ 1 row in set (0.00 sec)
具體還有很多,參考上面的3個連接即可。。