ProHoster > Блог > Gudanarwa > Tsaro da DBMS: abin da kuke buƙatar tunawa lokacin zabar kayan aikin tsaro

Tsaro da DBMS: abin da kuke buƙatar tunawa lokacin zabar kayan aikin tsaro

Tsaro da DBMS: abin da kuke buƙatar tunawa lokacin zabar kayan aikin tsaro

Sunana Denis Rozhkov, Ni ne shugaban ci gaban software a kamfanin Gazinformservice, a cikin ƙungiyar samfuran. Jatoba. Doka da ka'idojin kamfanoni suna ɗora wasu buƙatu don amincin ajiyar bayanai. Babu wanda yake son wasu kamfanoni su sami damar yin amfani da bayanan sirri, don haka batutuwa masu zuwa suna da mahimmanci ga kowane aiki: ganowa da tantancewa, sarrafa damar yin amfani da bayanai, tabbatar da amincin bayanai a cikin tsarin, shigar da abubuwan tsaro. Saboda haka, ina so in yi magana game da wasu abubuwa masu ban sha'awa game da tsaro na DBMS.

An shirya labarin ne bisa wani jawabi a @DatabasesMeetup, shirya Mail.ru Cloud Solutions. Idan ba ku son karantawa, kuna iya kallo:


Labarin zai kasance da sassa uku:

  • Yadda ake amintar haɗi.
  • Menene duba ayyuka da yadda ake yin rikodin abin da ke faruwa a gefen bayanan bayanai da haɗawa da shi.
  • Yadda za a kare bayanai a cikin rumbun adana bayanan kanta da kuma waɗanne fasahohin da ke akwai don wannan.

Tsaro da DBMS: abin da kuke buƙatar tunawa lokacin zabar kayan aikin tsaro
Abubuwa uku na tsaro na DBMS: kariyar haɗin gwiwa, duba ayyuka da kariyar bayanai

Tabbatar da haɗin gwiwar ku

Kuna iya haɗawa zuwa bayanan bayanan kai tsaye ko a kaikaice ta aikace-aikacen yanar gizo. A matsayinka na mai mulki, mai amfani da kasuwanci, wato, mutumin da ke aiki tare da DBMS, yana hulɗa da shi a kaikaice.

Kafin yin magana game da kare haɗin kai, kuna buƙatar amsa tambayoyi masu mahimmanci waɗanda ke ƙayyade yadda za a tsara matakan tsaro:

  • Shin mai amfani da kasuwanci ɗaya yana daidai da mai amfani da DBMS ɗaya?
  • ko ana ba da damar yin amfani da bayanan DBMS ta hanyar API ɗin da kuke sarrafawa, ko kuma ana samun damar shiga tebur kai tsaye;
  • ko an ware DBMS zuwa wani yanki mai kariya daban, wanda ke hulɗa da shi da kuma ta yaya;
  • ko ana amfani da pooling/proxy da tsaka-tsakin yadudduka, wanda zai iya canza bayani game da yadda ake gina haɗin gwiwa da kuma wanda ke amfani da bayanan.

Yanzu bari mu ga irin kayan aikin da za a iya amfani da su don tabbatar da haɗin kai:

  1. Yi amfani da bayanan ajin Firewall mafita. Ƙarin ƙarin kariya zai, aƙalla, ƙara bayyana gaskiyar abin da ke faruwa a cikin DBMS, kuma a matsakaici, za ku iya samar da ƙarin kariyar bayanai.
  2. Yi amfani da manufofin kalmar sirri. Amfaninsu ya dogara da yadda aka gina gine-ginen ku. A kowane hali, kalmar sirri ɗaya a cikin fayil ɗin sanyi na aikace-aikacen gidan yanar gizo wanda ke haɗawa da DBMS bai isa don kariya ba. Akwai adadin kayan aikin DBMS waɗanda ke ba ku damar sarrafa abin da mai amfani da kalmar wucewa ke buƙatar ɗaukakawa.

    Kuna iya karanta ƙarin game da ayyukan ƙimar mai amfani a nan, za ku iya kuma gano game da MS SQL Vulnerability Assessmen a nan

  3. Haɓaka mahallin zaman tare da mahimman bayanai. Idan zaman ba shi da kyau, ba ku fahimci wanda ke aiki a cikin DBMS a cikin tsarin sa ba, kuna iya, a cikin tsarin aikin da ake yi, ƙara bayani game da wanda ke yin menene kuma me yasa. Ana iya ganin wannan bayanin a cikin binciken.
  4. Sanya SSL idan ba ku da rabuwar hanyar sadarwa tsakanin DBMS da masu amfani na ƙarshe; ba a cikin VLAN daban ba. A irin waɗannan lokuta, yana da mahimmanci don kare tashar tsakanin mabukaci da DBMS kanta. Hakanan ana samun kayan aikin tsaro a buɗaɗɗen tushe.

Ta yaya wannan zai shafi aikin DBMS?

Bari mu dubi misalin PostgreSQL don ganin yadda SSL ke shafar nauyin CPU, ƙara lokaci da rage TPS, kuma ko zai cinye albarkatun da yawa idan kun kunna shi.

Loading PostgreSQL ta amfani da pgbench shiri ne mai sauƙi don gudanar da gwaje-gwajen aiki. Yana aiwatar da jeri ɗaya na umarni akai-akai, mai yiyuwa a cikin zaman daidaitattun bayanai, sannan kuma yana ƙididdige matsakaicin ƙimar ciniki.

Gwaji 1 ba tare da SSL ba kuma ta amfani da SSL - an kafa haɗin don kowace ma'amala:

pgbench.exe --connect -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres sslmode=require 
sslrootcert=rootCA.crt sslcert=client.crt sslkey=client.key"

vs

pgbench.exe --connect -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres"

Gwaji 2 ba tare da SSL ba kuma ta amfani da SSL - duk ma'amaloli ana yin su ta hanyar haɗin gwiwa ɗaya:

pgbench.exe -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres sslmode=require
sslrootcert=rootCA.crt sslcert=client.crt sslkey=client.key"

vs

pgbench.exe -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres"

Sauran saituna:

scaling factor: 1
query mode: simple
number of clients: 10
number of threads: 1
number of transactions per client: 5000
number of transactions actually processed: 50000/50000

Sakamakon gwaji:

 
BA SSL
SSL

An kafa haɗin kai don kowace ma'amala

matsakaicin latency
171.915 ms
187.695 ms

tps gami da kafa haɗin gwiwa
58.168112
53.278062

tps ban da kafa haɗin gwiwa
64.084546
58.725846

CPU
24%
28%

Ana yin duk ma'amaloli a haɗe ɗaya

matsakaicin latency
6.722 ms
6.342 ms

tps gami da kafa haɗin gwiwa
1587.657278
1576.792883

tps ban da kafa haɗin gwiwa
1588.380574
1577.694766

CPU
17%
21%

A nauyi mai haske, tasirin SSL yana kwatankwacin kuskuren aunawa. Idan adadin bayanan da aka canjawa wuri yana da girma sosai, yanayin zai iya bambanta. Idan muka kafa haɗi ɗaya a kowace ma'amala (wannan ba kasafai ba ne, yawanci ana raba haɗin tsakanin masu amfani), kuna da adadi mai yawa na haɗin gwiwa / cire haɗin gwiwa, tasirin na iya zama ɗan girma kaɗan. Wato, ana iya samun haɗarin raguwar aiki, duk da haka, bambancin bai yi girma ba don kada a yi amfani da kariya.

Lura cewa akwai bambanci mai ƙarfi idan kun kwatanta yanayin aiki: kuna aiki a cikin zama ɗaya ko a cikin daban-daban. Wannan abu ne mai fahimta: ana kashe albarkatun don ƙirƙirar kowace haɗi.

Muna da shari'ar lokacin da muka haɗa Zabbix a cikin yanayin amana, wato, ba a bincika md5 ba, babu buƙatar tantancewa. Sa'an nan abokin ciniki ya nemi ya kunna yanayin tantancewar md5. Wannan ya sanya nauyi mai nauyi akan CPU, kuma aikin ya ragu. Mun fara neman hanyoyin ingantawa. Ɗaya daga cikin hanyoyin da za a magance matsalar ita ce aiwatar da ƙuntatawar hanyar sadarwa, yin VLAN daban-daban don DBMS, ƙara saitunan don bayyana a fili wanda ke haɗawa daga inda kuma cire tabbacin. , amma gaba ɗaya amfani da hanyoyi daban-daban tabbatarwa yana rinjayar aiki kuma yana buƙatar yin la'akari da waɗannan abubuwan yayin zayyana ƙarfin kwamfuta na sabobin (hardware) don DBMS.

Kammalawa: a cikin mafita da yawa, har ma da ƙananan nuances a cikin tabbatarwa na iya tasiri sosai ga aikin kuma yana da mummunan lokacin da wannan ya bayyana kawai lokacin da aka aiwatar da shi a cikin samarwa.

Aiki duba

Binciken na iya zama ba kawai DBMS ba. Binciken bincike shine game da samun bayanai game da abubuwan da ke faruwa a sassa daban-daban. Wannan na iya zama ko dai tacewar bayanai ko tsarin aiki wanda aka gina DBMS akansa.

A matakin Kasuwancin Kasuwanci DBMSs komai yana da kyau tare da dubawa, amma a buɗe tushen - ba koyaushe ba. Ga abin da PostgreSQL ke da shi:

  • tsoho log - ginanniyar shiga;
  • kari: pgaudit - idan tsoho log ɗin bai ishe ku ba, zaku iya amfani da saitunan daban waɗanda ke magance wasu matsaloli.

Ƙari ga rahoton a cikin bidiyon:

"Za a iya samar da mahimman bayanan shiga ta wurin daidaitaccen wurin shiga tare da log_statement = duka.

An yarda da wannan don saka idanu da sauran amfani, amma baya samar da matakin daki-daki da aka saba buƙata don tantancewa.

Bai isa a sami jerin duk ayyukan da aka yi akan ma'ajin bayanai ba.

Hakanan ya kamata a sami takamaiman maganganun da ke da sha'awar mai binciken.

Daidaitaccen shiga yana nuna abin da mai amfani ya nema, yayin da pgAudit ke mai da hankali kan cikakkun bayanan abin da ya faru lokacin da ma'aunin bayanai ya aiwatar da tambayar.

Misali, mai binciken na iya son tabbatar da cewa an ƙirƙiri wani tebur na musamman a cikin tagar da aka rubuta.

Wannan na iya zama kamar aiki mai sauƙi tare da dubawa na asali da grep, amma menene idan an gabatar muku da wani abu kamar wannan (da gangan) misali:

KU$$
GAME
KASHE 'KIRKIYAR TUSHEN SHIGO' || 'ant_table(id int)';
KARSHE $$;

Daidaitaccen katako zai ba ku wannan:

LOG: sanarwa: YI $$
GAME
KASHE 'KIRKIYAR TUSHEN SHIGO' || 'ant_table(id int)';
KARSHE $$;

Ya bayyana cewa nemo tebirin sha'awa na iya buƙatar wasu ilimin lamba a lokuta inda aka ƙirƙiri tebur da ƙarfi.

Wannan bai dace ba, saboda zai fi dacewa a bincika kawai ta sunan tebur.

Wannan shine inda pgAudit ke zuwa da amfani.

Don shigarwa iri ɗaya, zai samar da wannan fitarwa a cikin log ɗin:

AUDIT: ZAMANI,33,1, AIKI, AIKATA,,,"ZAMA $$
GAME
KASHE 'KIRKIYAR TUSHEN SHIGO' || 'ant_table(id int)';
KARSHE $$;"
AUDIT: ZAMA,33,2,DDL, KIRKIRA TEBLU,TABLE,TABILA.MUHIMMAN_TEBRI, KIRKIRA TABLE muhimmin_tebur (id INT)

Ba kawai DO block an shigar da shi ba, har ma da cikakken rubutun CREATE TABLE tare da nau'in bayani, nau'in abu, da cikakken suna, yana sauƙaƙa bincike.

Lokacin shiga SELECT da maganganun DML, za a iya daidaita pgAudit don shiga keɓantaccen shigarwa ga kowace dangantaka da aka yi nuni a cikin bayanin.

Ba a buƙatar tantancewa don nemo duk maganganun da suka taɓa wani tebur na musamman(*) »

Ta yaya wannan zai shafi aikin DBMS?

Bari mu gudanar da gwaje-gwaje tare da kunna cikakken dubawa kuma mu ga abin da zai faru da aikin PostgreSQL. Bari mu ba da damar matsakaicin shigar bayanan bayanai don duk sigogi.

Ba mu canza kusan kome ba a cikin fayil ɗin sanyi, abu mafi mahimmanci shine kunna yanayin debug5 don samun iyakar bayanai.

postgresql.conf

log_destination = 'stderr'
logging_collector = kunna
log_truncate_on_rotation = kunna
log_rotation_age = 1d
log_rotation_size = 10MB
log_min_messages = debug5
log_min_error_statement = debug5
log_min_duration_statement = 0
debug_print_parse = kunna
debug_print_rewritten = kunna
debug_print_plan = kunna
debug_pretty_print = kunna
log_checkpoints = kunna
log_connections = kunna
log_disconnections = kunna
log_duration = kunna
log_hostname = a kunne
log_lock_wait = kunna
log_replication_commands = kunna
log_temp_files = 0
log_timezone = 'Turai/Moscow'

A kan PostgreSQL DBMS tare da sigogi na 1 CPU, 2,8 GHz, 2 GB RAM, 40 GB HDD, muna gudanar da gwaje-gwajen lodi uku ta amfani da umarni:

$ pgbench -p 3389 -U postgres -i -s 150 benchmark
$ pgbench -p 3389 -U postgres -c 50 -j 2 -P 60 -T 600 benchmark
$ pgbench -p 3389 -U postgres -c 150 -j 2 -P 60 -T 600 benchmark

Sakamakon gwaji:

Babu shiga
Tare da shiga

Jimlar lokacin cika bayanai
43,74 sec
53,23 sec

RAM
24%
40%

CPU
72%
91%

Gwaji 1 (haɗin haɗi 50)

Adadin ma'amaloli a cikin mintuna 10
74169
32445

Ma'amaloli/sec
123
54

Matsakaicin Latency
405 ms
925 ms

Gwaji 2 (haɗi 150 tare da 100 mai yiwuwa)

Adadin ma'amaloli a cikin mintuna 10
81727
31429

Ma'amaloli/sec
136
52

Matsakaicin Latency
550 ms
1432 ms

Game da masu girma dabam

Girman DB
2251 MB
2262 MB

Girman log ɗin bayanai
0 MB
4587 MB

Ƙashin ƙasa: cikakken bincike ba shi da kyau sosai. Bayanan da ke cikin binciken za su yi girma kamar bayanan da ke cikin rumbun adana bayanai da kansa, ko ma fiye da haka. Adadin shiga da aka samar lokacin aiki tare da DBMS matsala ce ta gama gari a samarwa.

Bari mu kalli wasu sigogi:

  • Gudun ba ya canzawa da yawa: ba tare da shiga ba - 43,74 seconds, tare da shiga - 53,23 seconds.
  • Ayyukan RAM da CPU za su sha wahala, saboda kuna buƙatar ƙirƙirar fayil ɗin dubawa. Wannan kuma sananne ne a cikin yawan aiki.

Yayin da adadin haɗin ke ƙaruwa, a zahiri, aikin zai ɗan ɗan yi rauni.

A cikin kamfanoni tare da tantancewa ya ma fi wahala:

  • akwai bayanai da yawa;
  • Ana buƙatar dubawa ba kawai ta hanyar syslog a cikin SIEM ba, har ma a cikin fayiloli: idan wani abu ya faru da syslog, dole ne a sami fayil kusa da bayanan da aka adana bayanan;
  • ana buƙatar wani faifai daban don dubawa don kada a ɓata I/O faifai, saboda yana ɗaukar sarari da yawa;
  • Ya faru cewa ma'aikatan tsaro na bayanai suna buƙatar ma'aunin GOST a ko'ina, suna buƙatar shaidar jihar.

Ƙuntata samun dama ga bayanai

Bari mu dubi fasahar da ake amfani da su don kare bayanai da samun damar su a cikin DBMS na kasuwanci da buɗaɗɗen tushe.

Me za ku iya amfani da shi gabaɗaya:

  1. Rufewa da toshe hanyoyin da ayyuka (Wrapping) - wato, keɓance kayan aiki da abubuwan amfani waɗanda ke sa lambar da ba za a iya karantawa ba ta iya karantawa. Gaskiya ne, to, ba za a iya canzawa ko sake sakewa ba. Ana buƙatar wannan hanyar wani lokaci aƙalla a gefen DBMS - dabarar hani na lasisi ko dabaru na izini ana rufaffen rufaffen tsari da matakin aiki.
  2. Ƙayyade iya ganin bayanai ta hanyar layuka (RLS) shine lokacin da masu amfani daban-daban suka ga tebur ɗaya, amma nau'in layuka daban-daban a ciki, wato, wani abu ba zai iya nunawa ga wani a matakin layi ba.
  3. Gyara bayanan da aka nuna (Masking) shine lokacin da masu amfani a cikin ginshiƙi ɗaya na tebur suka ga ko dai bayanai ko taurari kawai, wato, ga wasu masu amfani za a rufe bayanin. Fasaha ta ƙayyade wane mai amfani da aka nuna abin da ya danganci matakin samun damar su.
  4. Tsaro DBA/Aikace-aikacen DBA/DBA Ikon samun dama shine, a maimakon haka, game da ƙuntata damar zuwa DBMS kanta, wato, ma'aikatan tsaro na bayanai za a iya raba su da masu gudanar da bayanai da masu gudanar da aikace-aikace. Akwai 'yan irin waɗannan fasahohin a buɗaɗɗen tushe, amma akwai wadatattun su a cikin DBMS na kasuwanci. Ana buƙatar su lokacin da masu amfani da yawa ke da damar shiga sabobin da kansu.
  5. Ƙuntata samun dama ga fayiloli a matakin tsarin fayil. Kuna iya ba da haƙƙoƙi da samun dama ga kundayen adireshi domin kowane mai gudanarwa ya sami dama ga mahimman bayanai kawai.
  6. Samun shiga na tilas da share ƙwaƙwalwar ajiya - waɗannan fasahohin ba safai ake amfani da su ba.
  7. Ƙarshe-zuwa-ƙarshen ɓoye kai tsaye daga DBMS shine ɓoyayyen gefen abokin ciniki tare da sarrafa maɓalli a gefen uwar garken.
  8. Rufin bayanan. Misali, boye-boye na columnar shine lokacin da kake amfani da tsarin da ke ɓoye ginshiƙi ɗaya na bayanan.

Ta yaya wannan ke shafar aikin DBMS?

Bari mu kalli misalin ɓoyayyen shafi a cikin PostgreSQL. Akwai pgcrypto module, yana ba ku damar adana zaɓaɓɓun filayen a cikin rufaffen tsari. Wannan yana da amfani lokacin da kawai wasu bayanai ke da daraja. Don karanta filayen da aka rufaffen, abokin ciniki yana aika maɓallin ɓoyewa, uwar garken yana yanke bayanan kuma ya mayar da shi ga abokin ciniki. Ba tare da maɓalli ba, babu wanda zai iya yin wani abu da bayanan ku.

Bari mu gwada da pgcrypto. Bari mu ƙirƙiri tebur mai rufaffen bayanai da bayanan yau da kullun. A ƙasa akwai umarni don ƙirƙirar tebur, a cikin layin farko akwai umarni mai amfani - ƙirƙirar haɓaka kanta tare da rajista na DBMS:

CREATE EXTENSION pgcrypto;
CREATE TABLE t1 (id integer, text1 text, text2 text);
CREATE TABLE t2 (id integer, text1 bytea, text2 bytea);
INSERT INTO t1 (id, text1, text2)
VALUES (generate_series(1,10000000), generate_series(1,10000000)::text, generate_series(1,10000000)::text);
INSERT INTO t2 (id, text1, text2) VALUES (
generate_series(1,10000000),
encrypt(cast(generate_series(1,10000000) AS text)::bytea, 'key'::bytea, 'bf'),
encrypt(cast(generate_series(1,10000000) AS text)::bytea, 'key'::bytea, 'bf'));

Na gaba, bari mu yi ƙoƙarin yin samfurin bayanai daga kowane tebur kuma mu kalli lokutan aiwatarwa.

Zaɓi daga tebur ba tare da aikin ɓoyewa ba:

psql -c "timing" -c "select * from t1 limit 1000;" "host=192.168.220.129 dbname=taskdb
user=postgres sslmode=disable" > 1.txt

Ana kunna agogon gudu.

  id | rubutu1 | rubutu2
————————-
1 | 1 | 1
2 | 2 | 2
3 | 3 | 3
...
997 | 997 | 997
998 | 998 | 998
999 | 999 | 999
1000 | 1000 | 1000
(layi 1000)

lokaci: 1,386 ms

Zaɓi daga tebur mai aikin ɓoyewa:

psql -c "timing" -c "select id, decrypt(text1, 'key'::bytea, 'bf'),
decrypt(text2, 'key'::bytea, 'bf') from t2 limit 1000;"
"host=192.168.220.129 dbname=taskdb user=postgres sslmode=disable" > 2.txt

Ana kunna agogon gudu.

  id | karya | warware
—————————————
1 | x31 | x31
2 | x32 | x32
3 | x33 | x33
...
999 | x393939 | x393939
1000 | x31303030 | x31303030
(layi 1000)

lokaci: 50,203 ms

Sakamakon gwaji:

 
Ba tare da boye-boye ba
Pgcrypto (decrypt)

Misalin layuka 1000
1,386 ms
50,203 ms

CPU
15%
35%

RAM
 
+ 5%

Rufewa yana da babban tasiri akan aiki. Ana iya ganin cewa lokacin ya ƙaru, tun da ayyukan ɓoyayyun bayanan da aka ɓoye (kuma ɓangarorin yawanci har yanzu suna nannade cikin dabarun ku) suna buƙatar mahimman albarkatu. Wato, ra'ayin ɓoye duk ginshiƙan da ke ɗauke da wasu bayanai yana cike da raguwar aiki.

Koyaya, boye-boye ba harsashin azurfa ba ne wanda ke magance duk matsaloli. Bayanan da aka ɓoye da maɓallin ɓoyewa yayin aiwatar da ƙaddamarwa da watsa bayanan suna kan sabar. Don haka, wanda ke da cikakkiyar damar shiga uwar garken bayanai, kamar mai kula da tsarin za a iya katse maɓallan.

Lokacin da akwai maɓalli ɗaya don dukan ginshiƙi don duk masu amfani (ko da ba don duka ba, amma ga abokan ciniki na ƙayyadaddun saiti), wannan ba koyaushe bane mai kyau kuma daidai. Wannan shine dalilin da ya sa suka fara yin ɓoyayyen ɓoye-zuwa-ƙarshe, a cikin DBMS sun fara la'akari da zaɓuɓɓuka don ɓoye bayanai akan abokin ciniki da uwar garken, kuma waɗannan ma'ajin maɓalli iri ɗaya sun bayyana - samfuran daban waɗanda ke ba da maɓalli na gudanarwa akan DBMS. gefe.

Tsaro da DBMS: abin da kuke buƙatar tunawa lokacin zabar kayan aikin tsaro
Misalin irin wannan boye-boye a MongoDB

Fasalolin tsaro a cikin kasuwanci da buɗe tushen DBMS

Ayyuka
Rubuta
Manufofin shiga
Audit
Kare lambar tushe na matakai da ayyuka
RLS
boye-boye

Oracle
kasuwanci
+
+
+
+
+

MsSql
kasuwanci
+
+
+
+
+

Jatoba
kasuwanci
+
+
+
+
kari

PostgreSQL
free
kari
kari
-
+
kari

MongoDb
free
-
+
-
-
Akwai a MongoDB Enterprise kawai

Tebur bai cika ba, amma halin da ake ciki shine: a cikin samfuran kasuwanci, an warware matsalolin tsaro na dogon lokaci, a cikin bude tushen, a matsayin mai mulkin, ana amfani da wasu nau'in add-ons don tsaro, ayyuka da yawa sun ɓace. , wani lokacin dole ne ka ƙara wani abu. Misali, manufofin kalmar sirri - PostgreSQL yana da kari daban-daban (1, 2, 3, 4, 5), wanda ke aiwatar da manufofin kalmar sirri, amma, a ra'ayi na, babu ɗayansu da ya shafi duk bukatun ɓangaren kamfanoni na cikin gida.

Abin da za ku yi idan ba ku da abin da kuke buƙata a ko'ina? Misali, kuna son amfani da takamaiman DBMS wanda bashi da ayyukan da abokin ciniki ke buƙata.

Sannan zaku iya amfani da mafita na ɓangare na uku waɗanda ke aiki tare da DBMS daban-daban, misali, Crypto DB ko Garda DB. Idan muna magana ne game da mafita daga sashin gida, to sun san GOSTs fiye da tushen budewa.

Zaɓin na biyu shine rubuta abin da kuke buƙata da kanku, aiwatar da samun damar bayanai da ɓoyewa a cikin aikace-aikacen a matakin tsari. Gaskiya, zai zama mafi wahala tare da GOST. Amma gabaɗaya, zaku iya ɓoye bayanan kamar yadda ake buƙata, saka su a cikin DBMS, sannan ku dawo da su kuma ku ɓoye su kamar yadda ake buƙata, daidai a matakin aikace-aikacen. A lokaci guda, nan da nan tunani game da yadda za ku kare waɗannan algorithms a cikin aikace-aikacen. A ra'ayinmu, wannan ya kamata a yi a matakin DBMS, saboda zai yi aiki da sauri.

An fara gabatar da wannan rahoto a @Databases Meetup Ta hanyar Mail.ru Cloud Solutions. Duba видео sauran wasan kwaikwayo da kuma biyan kuɗi zuwa sanarwar taron akan Telegram A kusa da Kubernetes a Ƙungiyar Mail.ru.

Me kuma za a karanta a kan batun:

  1. Fiye da Ceph: MCS Cloud block ajiya.
  2. Yadda ake zabar rumbun adana bayanai don aiki don kada ku sake zabar.

source: www.habr.com

Add a comment