KingbaseES Security Guide for Jincang database -- 4. Data access protection
2022-07-28 04:04:00 【Thousands of sails passed by the side of the sunken boat_】
4.1. Managing contexts
4.1.1. About contexts
In KingbaseES, a CONTEXT is a set of application-defined attributes used to validate and protect applications.
The CREATE CONTEXT statement creates a namespace label for the context and associates the namespace with the package that is used to set the context. The DBMS_SESSION.SET_CONTEXT procedure, called from the associated package, sets the context's attribute values (key-value pairs).
Key-value pairs in a namespace are accessible at session level only: only the session that set an attribute value can read it, and any other session that accesses the attribute gets an empty value. The system view sys_context contains all information about the database contexts.
For example, create a context named context_test whose associated package is package_test:
CREATE CONTEXT context_test USING package_test;
4.1.2. Using contexts
In KingbaseES, contexts are managed through the procedures in the dbms_session system package. Before using dbms_session, add it to shared_preload_libraries in the kingbase.conf file and restart the KingbaseES database:
shared_preload_libraries = 'dbms_session'
The subprograms in the DBMS_SESSION system package, with a brief description of each, are shown in the following table:
| Procedure | Function |
|---|---|
| CLEAR_ALL_CONTEXT procedure | Clears all contexts of the specified namespace for the current session. |
| CLEAR_CONTEXT procedure | Clears an attribute value in the namespace. |
| LIST_CONTEXT procedure | Returns all context attributes and values of the current session. |
| SET_CONTEXT procedure | Sets the attributes and values of a context namespace. |
The following example demonstrates the use of contexts.
First, add the extension:
create extension dbms_session;
Step 1: create the package:
CREATE or replace package test_pk as
procedure set_context(ts_name varchar, key varchar, value varchar);
procedure set_user_context(ts_name varchar, key varchar, value varchar, username varchar, client_id varchar);
procedure clear_context(ts_name varchar, client_identifier varchar, key varchar);
procedure clear_all_context(ts_name varchar);
end test_pk;
/
CREATE or replace package body test_pk as
procedure set_context(ts_name varchar, key varchar, value varchar) as
begin
dbms_session.set_context(ts_name, key, value);
end;
procedure set_user_context(ts_name varchar, key varchar, value varchar, username varchar, client_id varchar) as
begin
dbms_session.set_context(ts_name, key, value, username, client_id);
end;
procedure clear_context(ts_name varchar, client_identifier varchar, key varchar) as
begin
dbms_session.clear_context(ts_name, client_identifier ,key);
end;
procedure clear_all_context(ts_name varchar) as
begin
dbms_session.clear_all_context(ts_name);
end;
end test_pk;
/
Step 2: create the context:
create or replace context c_user01 using test_pk;
Step 3: set a key-value pair in the namespace:
call test_pk.set_context('c_user01', 'u_k2', 'u_v2');
Step 4: query the value:
select sys_context('c_user01', 'u_k2');
SYS_CONTEXT('C_USER01','U_K2')
---------------------------------------------------
u_v2
Step 5: modify u_k2 and query it:
call test_pk.set_context('c_user01', 'u_k2', 'u_v2222');
Select sys_context('c_user01', 'u_k2');
SYS_CONTEXT('C_USER01','U_K2')
---------------------------------------------------
u_v2222
Step 6: add a new attribute u_k3 and query it:
call test_pk.set_context('c_user01', 'u_k3', 'u_v3');
select sys_context('c_user01', 'u_k3');
SYS_CONTEXT('C_USER01','U_K3')
-------------------------------------------------
u_v3
Step 7: clear attribute u_k2 of context c_user01 and query again:
call test_pk.clear_context('c_user01', null,'u_k2');
select sys_context('c_user01', 'u_k2');
sys_context
-------------
(1 rows )
select sys_context('c_user01', 'u_k3');
sys_context
-------------
u_v3
(1 rows )
Step 8: clear context c_user01:
call test_pk.clear_all_context('c_user01');
select sys_context('c_user01', 'u_k3');
sys_context
-------------
(1 rows )
4.2. Encrypting data manually
KingbaseES lets users protect sensitive data with encryption functions and provides a variety of encryption algorithms.
4.2.1. Encryption algorithms
KingbaseES provides typical encryption algorithms, which users can apply when storing critical sensitive data. The supported encryption algorithms are shown in the following table.
| Algorithm | Built-in | Uses OpenSSL | Algorithm type |
|---|---|---|---|
| MD5 | yes | yes | digest |
| SHA1 | yes | yes | digest |
| SHA224/256/384/512 | yes (note a) | yes | digest |
| Blowfish | yes | yes (note c) | symmetric |
| AES | yes | yes | symmetric |
| DES/3DES/CAST5 | no | no | symmetric |
| SM3 | yes | no | digest |
| SM4 | yes | yes | symmetric |
| RC4 | yes | | symmetric |
Examples of using the encryption algorithms:
SELECT encode(digest('abc', 'md5'), 'hex');
SELECT encode(digest('abc', 'sha1'), 'hex');
SELECT encode(digest('abc', 'sha224'), 'hex');
SELECT encode(digest('abc', 'sha384'), 'hex');
SELECT encode(digest('abc', 'sha512'), 'hex');
SELECT encode(encrypt('Lets try a longer message.', '0123456789', 'bf'), 'hex');
SELECT encode(encrypt('Lets try a longer message.', '0123456789', 'aes'), 'hex');
SELECT encode(encrypt('Lets try a longer message.', '01234567', 'des'), 'hex');
SELECT encode(encrypt('Lets try a longer message.', '0123456789012345678901', '3des'), 'hex');
SELECT encode(encrypt('Lets try a longer message.', '0123456789', 'cast5'), 'hex');
4.2.2. Function description
sm3() function
Parameter: the data to encrypt.
sm4() function / rc4() function
Parameters: the data to encrypt or decrypt; the key; the encrypt/decrypt flag.
sm4_ex() function (the rc4 function has no ex extension)
Parameters: the data to encrypt or decrypt; the key; the encrypt/decrypt flag; the padding mode.
1) Padding mode 1: the data is always padded to a multiple of 16 bytes. When m bytes are missing, m bytes each holding the value m are appended (the maximum value of m is 16).
2) Padding mode 0: the data is padded with 0x0 to a multiple of 16 bytes, and padding is not forced. This is the same as sm4.
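The two padding rules above, modelled in Python as an added example (this is not KingbaseES code and not part of the original guide). The function names are hypothetical, and stripping trailing 0x00 bytes when undoing mode 0 is an assumption, since the page does not say how mode 0 padding is removed. It shows that mode 1 always restores the input, while zero padding cannot be told apart from data that itself ends in 0x00.

```python
# Added illustration: models the two padding rules described for sm4_ex().
# It does not call KingbaseES; names and the mode-0 unpad rule are assumptions.
BLOCK = 16  # SM4 block size in bytes


def pad_mode1(data: bytes) -> bytes:
    """Forced padding: append m bytes of value m, 1 <= m <= 16."""
    m = BLOCK - len(data) % BLOCK  # a full block (m = 16) if already aligned
    return data + bytes([m]) * m


def unpad_mode1(padded: bytes) -> bytes:
    """Validate and strip mode-1 padding; reject malformed input."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a positive multiple of 16")
    m = padded[-1]
    if not 1 <= m <= BLOCK or padded[-m:] != bytes([m]) * m:
        raise ValueError("invalid padding")
    return padded[:-m]


def pad_mode0(data: bytes) -> bytes:
    """Non-forced padding: add 0x00 only when the length is not aligned."""
    return data + b"\x00" * (-len(data) % BLOCK)


def unpad_mode0(padded: bytes) -> bytes:
    """Assumed inverse: strip trailing 0x00 (cannot tell padding from data)."""
    return padded.rstrip(b"\x00")


def round_trips(data: bytes) -> dict:
    """Report padded length and whether each mode restores the input exactly."""
    p1, p0 = pad_mode1(data), pad_mode0(data)
    return {
        "mode1_len": len(p1), "mode1_ok": unpad_mode1(p1) == data,
        "mode0_len": len(p0), "mode0_ok": unpad_mode0(p0) == data,
    }


if __name__ == "__main__":
    # Constructed inputs: the page's sample text, an aligned value, binary data.
    for sample in (b"123456abcdef", b"0123456789ABCDEF", b"\x01\x02\x00\x00"):
        print(sample, round_trips(sample))
```

For columns that may hold binary values, or values whose exact length matters, padding mode 1 is the one that round-trips unambiguously.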
4.2.3. Example
create extension kbcrypto;
set bytea_output to escape;
-- 1. sm3() function
select sm3('123456abcdef');
-- 2. sm4() function / rc4() function
-- Encrypt:
select sm4('123456abcdef','0123456789ABCDEF',0);
select rc4('123456abcdef','0123456789ABCDEF',0);
-- Decrypt:
select sm4(sm4('123456abcdef','0123456789ABCDEF',0), '0123456789ABCDEF',1);
select rc4(rc4('123456abcdef','0123456789ABCDEF',0), '0123456789ABCDEF',1);
-- 3. sm4_ex() function (the rc4 function has no ex extension)
-- 1) Padding mode 1
-- Encrypt:
select sm4_ex('123456abcdef','0123456789ABCDEF',0,1);
-- Decrypt:
select sm4_ex(sm4_ex('123456abcdef','0123456789ABCDEF',0,1), '0123456789ABCDEF',1,1);
-- 2) Padding mode 0
-- Encrypt:
select sm4_ex('123456abcdef','0123456789ABCDEF',0,0);
-- Decrypt:
select sm4_ex(sm4_ex('123456abcdef','0123456789ABCDEF',0,0), '0123456789ABCDEF',1,0);