Pulogalamu ya ProHoster > Blog > Ulamuliro > Chitetezo ndi DBMS: zomwe muyenera kukumbukira posankha zida zachitetezo

Chitetezo ndi DBMS: zomwe muyenera kukumbukira posankha zida zachitetezo

Chitetezo ndi DBMS: zomwe muyenera kukumbukira posankha zida zachitetezo

Dzina langa ndi Denis Rozhkov, ndine wamkulu wa chitukuko cha mapulogalamu ku kampani ya Gazinformservice, mu gulu lazogulitsa. Jatoba. Malamulo ndi malamulo amakampani amaika zofunikira zina pachitetezo cha kusungidwa kwa data. Palibe amene amafuna kuti anthu ena apeze zinsinsi zachinsinsi, choncho nkhani zotsatirazi ndizofunikira pa ntchito iliyonse: chizindikiritso ndi kutsimikizika, kuyang'anira mwayi wopeza deta, kuwonetsetsa kukhulupirika kwa chidziwitso mu dongosolo, kusunga zochitika zachitetezo. Chifukwa chake, ndikufuna kulankhula za mfundo zosangalatsa zokhudzana ndi chitetezo cha DBMS.

Nkhaniyi inakonzedwa potengera zimene anakamba pa @DatabasesMeetup, bungwe Mail.ru Cloud Solutions. Ngati simukufuna kuwerenga, mutha kuwona:


Nkhaniyi ikhala ndi magawo atatu:

  • Momwe mungatetezere maulumikizidwe.
  • Kodi kuwunika kwazomwe zikuchitika ndi momwe mungalembe zomwe zikuchitika kumbali ya database ndikulumikizana nazo.
  • Momwe mungatetezere deta mu database yokha ndi matekinoloje omwe alipo pa izi.

Chitetezo ndi DBMS: zomwe muyenera kukumbukira posankha zida zachitetezo
Zigawo zitatu za chitetezo cha DBMS: chitetezo cholumikizira, kuwunika ntchito ndi chitetezo cha data

Kuteteza malumikizano anu

Mutha kulumikizana ndi database mwachindunji kapena mwanjira ina kudzera pa intaneti. Monga lamulo, wogwiritsa ntchito bizinesi, ndiye kuti, munthu amene amagwira ntchito ndi DBMS, amalumikizana nawo molakwika.

Musanalankhule za chitetezo cholumikizira, muyenera kuyankha mafunso ofunikira omwe amatsimikizira momwe njira zachitetezo zidzakhazikitsidwa:

  • Kodi wogwiritsa ntchito m'modzi akufanana ndi wogwiritsa ntchito m'modzi wa DBMS?
  • kaya kupeza deta ya DBMS kumaperekedwa kokha kudzera mu API yomwe mumayendetsa, kapena ngati matebulo akupezeka mwachindunji;
  • ngati DBMS imaperekedwa ku gawo lina lotetezedwa, lomwe limalumikizana nalo ndi momwe;
  • kaya kugwirizanitsa / pulojekiti ndi zigawo zapakati zimagwiritsidwa ntchito, zomwe zingasinthe zambiri za momwe kugwirizana kumapangidwira komanso omwe akugwiritsa ntchito deta.

Tsopano tiyeni tiwone zida zomwe zingagwiritsidwe ntchito kuteteza kulumikizana:

  1. Gwiritsani ntchito mayankho a database ya firewall class. Chowonjezera chowonjezera cha chitetezo chidzawonjezera kuwonekera kwa zomwe zikuchitika mu DBMS, ndipo pamapeto pake, mudzatha kupereka chitetezo chowonjezera cha deta.
  2. Gwiritsani ntchito malamulo achinsinsi. Kugwiritsa ntchito kwawo kumadalira momwe zomangamanga zanu zimapangidwira. Mulimonsemo, mawu achinsinsi amodzi mu fayilo yosinthika ya pulogalamu yapaintaneti yomwe imalumikizana ndi DBMS sikokwanira kuti itetezedwe. Pali zida zingapo za DBMS zomwe zimakulolani kuwongolera kuti wogwiritsa ntchito ndi mawu achinsinsi amafunikira kusinthidwa.

    Mutha kuwerenga zambiri za ntchito zowerengera ogwiritsa ntchito apa, mutha kudziwanso za MS SQL Vulnerability Assessmen apa

  3. Limbikitsani zochitika za gawoli ndi chidziwitso chofunikira. Ngati gawolo liri losawoneka bwino, simukumvetsa yemwe akugwira ntchito mu DBMS mkati mwa chimango chake, mungathe, mkati mwa ndondomeko ya opaleshoni yomwe ikuchitika, kuwonjezera zambiri za yemwe akuchita chiyani ndi chifukwa chiyani. Izi zitha kuwoneka mu kafukufukuyu.
  4. Konzani SSL ngati mulibe kupatukana kwa netiweki pakati pa DBMS ndi ogwiritsa ntchito; sizili mu VLAN yosiyana. Zikatero, ndikofunikira kuteteza njira pakati pa ogula ndi DBMS yokha. Zida zotetezera zimapezekanso poyera.

Kodi izi zidzakhudza bwanji magwiridwe antchito a DBMS?

Tiyeni tiwone chitsanzo cha PostgreSQL kuti tiwone momwe SSL imakhudzira kuchuluka kwa CPU, kumawonjezera nthawi ndikuchepetsa TPS, komanso ngati ingawononge zinthu zambiri ngati mungayitheke.

Kuyika PostgreSQL pogwiritsa ntchito pgbench ndi pulogalamu yosavuta yoyeserera magwiridwe antchito. Imatsatira malamulo angapo mobwerezabwereza, mwina m'magawo a database yofananira, kenako ndikuwerengera kuchuluka kwa ndalama zomwe zimachitika.

Yesani 1 popanda SSL ndikugwiritsa ntchito SSL - kugwirizana kumakhazikitsidwa pazochitika zilizonse:

pgbench.exe --connect -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres sslmode=require 
sslrootcert=rootCA.crt sslcert=client.crt sslkey=client.key"

vs

pgbench.exe --connect -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres"

Yesani 2 popanda SSL ndikugwiritsa ntchito SSL - Zochita zonse zimachitika munjira imodzi:

pgbench.exe -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres sslmode=require
sslrootcert=rootCA.crt sslcert=client.crt sslkey=client.key"

vs

pgbench.exe -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres"

Zokonda zina:

scaling factor: 1
query mode: simple
number of clients: 10
number of threads: 1
number of transactions per client: 5000
number of transactions actually processed: 50000/50000

Zotsatira za mayeso:

 
PA SSL
SSL

Kulumikizana kumakhazikitsidwa pazochita zilizonse

latency average
171.915 ms
187.695 ms

tps kuphatikiza kukhazikitsa zolumikizira
58.168112
53.278062

tps osaphatikiza kukhazikitsidwa
64.084546
58.725846

CPU
24%
28%

Zochita zonse zimachitika pakugwirizana kumodzi

latency average
6.722 ms
6.342 ms

tps kuphatikiza kukhazikitsa zolumikizira
1587.657278
1576.792883

tps osaphatikiza kukhazikitsidwa
1588.380574
1577.694766

CPU
17%
21%

Pakatundu wopepuka, chikoka cha SSL chimafanana ndi cholakwika chamiyeso. Ngati kuchuluka kwa deta yomwe yasamutsidwa ndi yayikulu kwambiri, zinthu zitha kukhala zosiyana. Ngati tikhazikitsa kulumikizana kumodzi pazochitika zilizonse (izi ndizosowa, nthawi zambiri kulumikizana kumagawidwa pakati pa ogwiritsa ntchito), muli ndi zolumikizira zambiri / zolekanitsidwa, zotsatira zake zitha kukhala zazikulu pang'ono. Ndiko kuti, pakhoza kukhala zoopsa za kuchepa kwa ntchito, komabe, kusiyana sikuli kwakukulu kotero kuti musagwiritse ntchito chitetezo.

Chonde dziwani kuti pali kusiyana kwakukulu ngati muyerekezera njira zogwirira ntchito: mukugwira ntchito mkati mwa gawo limodzi kapena mosiyana. Izi ndizomveka: zothandizira zimagwiritsidwa ntchito popanga mgwirizano uliwonse.

Tinali ndi mlandu pamene tinagwirizanitsa Zabbix mu mode trust, ndiko kuti, md5 sinafufuzidwe, panalibe chifukwa chotsimikizira. Kenako kasitomala adafunsa kuti ayambitse njira yotsimikizira ya md5. Izi zinaika katundu wolemera pa CPU, ndipo ntchito inatsika. Tinayamba kufunafuna njira zowonjezera. Imodzi mwa njira zothetsera vutoli ndi kukhazikitsa zoletsa maukonde, kupanga VLAN osiyana kwa DBMS, kuwonjezera zoikamo kuti zimveke bwino amene kulumikiza kuchokera kumene ndi kuchotsa kutsimikizika. kawirikawiri kugwiritsa ntchito njira zosiyanasiyana kutsimikizira kumakhudza ntchito ndipo kumafuna kuganizira izi popanga mphamvu zamakompyuta za maseva (hardware) kwa DBMS.

Kutsiliza: muzothetsera zingapo, ngakhale zing'onozing'ono zotsimikizirika zingakhudze kwambiri polojekitiyi ndipo zimakhala zoipa pamene izi zimawonekera pokhapokha zitagwiritsidwa ntchito popanga.

Action audit

Kufufuza sikungakhale DBMS yokha. Kufufuza kumakhudza kupeza zambiri pazomwe zikuchitika m'magawo osiyanasiyana. Izi zitha kukhala firewall ya database kapena makina ogwiritsira ntchito pomwe DBMS imamangidwa.

Mu DBMSs zamalonda zamalonda zonse zili bwino ndi kafukufuku, koma poyera - osati nthawi zonse. Izi ndi zomwe PostgreSQL ili nayo:

  • chipika chosasinthika - kudula mitengo yomangidwa;
  • zowonjezera: pgaudit - ngati kudula mitengo kosakwanira sikukukwanirani, mutha kugwiritsa ntchito makonda osiyanasiyana omwe amathetsa mavuto ena.

Kuwonjezera pa lipoti muvidiyoyi:

"Kudula mitengo yoyambira kumatha kuperekedwa ndi malo odula mitengo omwe ali ndi log_statement = zonse.

Izi ndizovomerezeka pakuwunika komanso kugwiritsa ntchito zina, koma sizimapereka mwatsatanetsatane momwe zimafunikira pakuwunika.

Sikokwanira kukhala ndi mndandanda wazinthu zonse zomwe zachitika pankhokwe.

Ziyeneranso kukhala zotheka kupeza ziganizo zenizeni zomwe ziri zokondweretsa kwa auditor.

Kudula mitengo kokhazikika kumawonetsa zomwe wogwiritsa ntchito adapempha, pomwe pgAudit imayang'ana tsatanetsatane wa zomwe zidachitika pomwe database idafunsa.

Mwachitsanzo, wowerengera angafune kutsimikizira kuti tebulo linalake linapangidwa mkati mwa zenera lokonzekera zolembedwa.

Izi zitha kuwoneka ngati ntchito yophweka yokhala ndi ma auditing ndi grep, koma bwanji ngati mutapatsidwa chitsanzo chonga ichi (chosokoneza mwadala):

DO$$
YAMBA
PEREKA 'PANGANI TABLE kulowetsa' | 'ant_table(id int)';
END$$;

Kudula mitengo mokhazikika kukupatsani izi:

LOG: mawu: DO $$
YAMBA
PEREKA 'PANGANI TABLE kulowetsa' | 'ant_table(id int)';
END$$;

Zikuwoneka kuti kupeza tebulo lachidwi kungafunike chidziwitso cha code nthawi zomwe matebulo amapangidwa mwamphamvu.

Izi sizabwino, chifukwa zingakhale bwino kungofufuza ndi dzina la tebulo.

Apa ndipamene pgAudit imabwera bwino.

Pakulowetsa komweko, itulutsa izi mu chipika:

ONANI: PHUNZIRO,33,1,NTCHITO,CHITANI,,,"CHITA $$
YAMBA
PEREKA 'PANGANI TABLE kulowetsa' | 'ant_table(id int)';
END$$;"
AUDIT: SESSION,33,2,DDL,CREATE TABLE,TABLE,public.important_table,PANGANI TABLE zofunika_tebulo (id INT)

Osati chipika cha DO chokha chomwe chalowetsedwa, komanso zolemba zonse za CREATE TABLE ndi mtundu wa mawu, mtundu wa chinthu, ndi dzina lathunthu, kupangitsa kusaka kukhala kosavuta.

Mukadula ziganizo za SELECT ndi DML, pgAudit ikhoza kukhazikitsidwa kuti ilowetse malo osiyana pa ubale uliwonse womwe watchulidwa mu mawuwo.

Palibe kusanthula kofunikira kuti mupeze ziganizo zonse zomwe zimakhudza tebulo linalake (*) ».

Kodi izi zidzakhudza bwanji magwiridwe antchito a DBMS?

Tiyeni tiyesetse kuyesa ndikuwunika kwathunthu ndikuwona zomwe zimachitika pakuchita kwa PostgreSQL. Tiyeni tiwongolere kuchuluka kwa mitengo ya database pamagawo onse.

Sitisintha chilichonse mufayilo yosinthira, chofunikira kwambiri ndikuyatsa debug5 mode kuti mudziwe zambiri.

postgresql.conf

log_destination = 'stderr'
logging_collector = pa
log_truncate_on_rotation = pa
log_rotation_age = 1d
log_rotation_size = 10MB
log_min_messages = debug5
log_min_error_statement = debug5
log_min_duration_statement = 0
debug_print_parse = pa
debug_print_rewritten = pa
debug_print_plan = pa
debug_pretty_print = pa
log_checkpoints = pa
log_connections = pa
log_disconnections = pa
log_duration = pa
log_hostname = pa
log_lock_wait = pa
log_replication_commands = pa
log_temp_files = 0
log_timezone = 'Europe/Moscow'

Pa PostgreSQL DBMS yokhala ndi magawo a 1 CPU, 2,8 GHz, 2 GB RAM, 40 GB HDD, timayesa mayeso atatu pogwiritsa ntchito malamulo:

$ pgbench -p 3389 -U postgres -i -s 150 benchmark
$ pgbench -p 3389 -U postgres -c 50 -j 2 -P 60 -T 600 benchmark
$ pgbench -p 3389 -U postgres -c 150 -j 2 -P 60 -T 600 benchmark

Zotsatira zoyesa:

Palibe kudula mitengo
Ndi kudula mitengo

Nthawi yonse yodzaza database
Mphindi 43,74
Mphindi 53,23

RAM
24%
40%

CPU
72%
91%

Yesani 1 (50 zolumikizira)

Chiwerengero cha zochitika mu mphindi 10
74169
32445

Zochita/mphindi
123
54

Average Latency
405 ms
925 ms

Yesani 2 (150 kulumikizana ndi 100 zotheka)

Chiwerengero cha zochitika mu mphindi 10
81727
31429

Zochita/mphindi
136
52

Average Latency
550 ms
1432 ms

Za kukula kwake

DB kukula
2251 MB
2262 MB

Kukula kwa chipika cha database
0 MB
4587 MB

Mfundo yofunika: kufufuza kwathunthu sikwabwino kwambiri. Deta yochokera ku kafukufukuyo idzakhala yayikulu ngati yomwe ili mu database yokha, kapena kupitilira apo. Kuchuluka kwa mitengo yomwe imapangidwa pogwira ntchito ndi DBMS ndi vuto lodziwika bwino pakupanga.

Tiyeni tiwone magawo ena:

  • Liwiro sasintha kwambiri: popanda kudula mitengo - 43,74 masekondi, ndi mitengo - 53,23 masekondi.
  • Kuchita kwa RAM ndi CPU kudzavutika chifukwa muyenera kupanga fayilo yowunikira. Izi zimawonekeranso pakuchita bwino.

Pamene chiwerengero cha maulumikizidwe chikuwonjezeka, mwachibadwa, ntchitoyo idzawonongeka pang'ono.

M'mabungwe omwe ali ndi audit ndizovuta kwambiri:

  • pali zambiri deta;
  • kufufuza kumafunika osati kudzera mu syslog mu SIEM, komanso m'mafayilo: ngati chinachake chikuchitika ku syslog, payenera kukhala fayilo pafupi ndi deta yomwe deta imasungidwa;
  • pakuwunika, shelufu yosiyana imafunika kuti musawononge pa disks za I / O, chifukwa zimatenga malo ambiri;
  • Zimachitika kuti ogwira ntchito zachitetezo azidziwitso amafunikira miyezo ya GOST kulikonse, amafuna chizindikiritso cha boma.

Kuletsa kupeza deta

Tiyeni tiwone matekinoloje omwe amagwiritsidwa ntchito kuteteza deta ndikuyipeza mu DBMS zamalonda ndi gwero lotseguka.

Zomwe mungagwiritse ntchito nthawi zambiri:

  1. Kubisa ndi kusokoneza machitidwe ndi ntchito (Kukulunga) - ndiko kuti, zida zosiyana ndi zofunikira zomwe zimapangitsa kuti code ikhale yosawerengeka. Zowona, ndiye kuti sizingasinthidwe kapena kubwezeretsedwanso. Njirayi nthawi zina imafunikira ku mbali ya DBMS - malingaliro oletsa ziphaso kapena malingaliro ovomerezeka amasungidwa bwino pamachitidwe ndi magwiridwe antchito.
  2. Kuchepetsa kuwonekera kwa deta ndi mizere (RLS) ndi pamene ogwiritsa ntchito osiyanasiyana amawona tebulo limodzi, koma mizere yosiyana ya mizere mmenemo, ndiko kuti, chinachake sichingasonyezedwe kwa wina pamzere wa mzere.
  3. Kusintha deta yowonetsedwa (Masking) ndi pamene ogwiritsa ntchito mugawo limodzi la tebulo amawona deta kapena nyenyezi zokha, ndiko kuti, kwa ogwiritsa ntchito ena chidziwitso chidzatsekedwa. Ukadaulo umatsimikizira kuti ndi wogwiritsa ntchito ndani yemwe akuwonetsedwa kutengera momwe amafikira.
  4. Chitetezo cha DBA/Application DBA/DBA control access ndi kuletsa kulowa kwa DBMS yokha, ndiye kuti, ogwira ntchito zachitetezo azidziwitso amatha kupatulidwa ndi oyang'anira database ndi oyang'anira ntchito. Pali matekinoloje ochepa otere omwe ali pagwero lotseguka, koma pali zambiri muzamalonda za DBMS. Amafunika pamene pali ogwiritsa ntchito ambiri omwe ali ndi mwayi wopeza ma seva okha.
  5. Kuletsa kupeza mafayilo pamlingo wamafayilo. Mutha kupatsa ufulu ndi mwayi wopeza maulalo kuti woyang'anira aliyense azingopeza zofunikira zokha.
  6. Kufikira kovomerezeka ndi kuyeretsa kukumbukira - matekinoloje awa sagwiritsidwa ntchito kawirikawiri.
  7. Kutsekera-kumapeto molunjika kuchokera ku DBMS ndikubisa kwa kasitomala ndi kasamalidwe kofunikira pa seva.
  8. Kubisa kwa data. Mwachitsanzo, columnar encryption ndi pamene mumagwiritsa ntchito makina omwe amabisa ndime imodzi ya database.

Kodi izi zimakhudza bwanji magwiridwe antchito a DBMS?

Tiyeni tiwone chitsanzo cha columnar encryption mu PostgreSQL. Pali gawo la pgcrypto, limakupatsani mwayi wosunga magawo osankhidwa mu mawonekedwe obisika. Izi ndi zothandiza pamene ena deta ndi ofunika. Kuti muwerenge minda yosungidwa, kasitomala amatumiza kiyi ya decryption, seva imachotsa deta ndikuibwezera kwa kasitomala. Popanda kiyi, palibe amene angachite chilichonse ndi deta yanu.

Tiyeni tiyese ndi pgcrypto. Tiyeni tipange tebulo lomwe lili ndi deta yobisika komanso deta yokhazikika. Pansipa pali malamulo opangira matebulo, pamzere woyamba pali lamulo lothandiza - kupanga chowonjezera chokha ndi kulembetsa kwa DBMS:

CREATE EXTENSION pgcrypto;
CREATE TABLE t1 (id integer, text1 text, text2 text);
CREATE TABLE t2 (id integer, text1 bytea, text2 bytea);
INSERT INTO t1 (id, text1, text2)
VALUES (generate_series(1,10000000), generate_series(1,10000000)::text, generate_series(1,10000000)::text);
INSERT INTO t2 (id, text1, text2) VALUES (
generate_series(1,10000000),
encrypt(cast(generate_series(1,10000000) AS text)::bytea, 'key'::bytea, 'bf'),
encrypt(cast(generate_series(1,10000000) AS text)::bytea, 'key'::bytea, 'bf'));

Kenaka, tiyeni tiyese kupanga chitsanzo cha deta kuchokera patebulo lililonse ndikuyang'ana nthawi yophedwa.

Kusankha patebulo popanda ntchito yobisa:

psql -c "timing" -c "select * from t1 limit 1000;" "host=192.168.220.129 dbname=taskdb
user=postgres sslmode=disable" > 1.txt

Stopwatch yayatsidwa.

  id | mawu1 | mawu2
——+———-+———-
1 | 1 | 1
2 | 2 | 2
3 | 3 | 3
...
997 | 997 | 997
998 | 998 | 998
999 | 999 | 999
1000 | 1000 | 1000
(1000 mizere)

Nthawi: 1,386 ms

Kusankha patebulo lomwe lili ndi ntchito yobisa:

psql -c "timing" -c "select id, decrypt(text1, 'key'::bytea, 'bf'),
decrypt(text2, 'key'::bytea, 'bf') from t2 limit 1000;"
"host=192.168.220.129 dbname=taskdb user=postgres sslmode=disable" > 2.txt

Stopwatch yayatsidwa.

  id | decrypt | decrypt
——+——————+—————
1 | x31 | x31
2 | x32 | x32
3 | x33 | x33
...
999 | x393939 | x393939
1000 | x31303030 | x31303030
(1000 mizere)

Nthawi: 50,203 ms

Zotsatira za mayeso:

 
Popanda kubisa
Pgcrypto (decrypt)

Chitsanzo cha mizere 1000
1,386 ms
50,203 ms

CPU
15%
35%

RAM
 
+ 5%

Kubisa kumakhudza kwambiri magwiridwe antchito. Zitha kuwoneka kuti nthawiyo yakula, popeza kusungitsa deta yosungidwa (ndipo kubisa nthawi zambiri kumamatira mumalingaliro anu) kumafunikira zofunikira. Ndiko kuti, lingaliro la kubisa mizati yonse yomwe ili ndi deta imadzaza ndi kuchepa kwa magwiridwe antchito.

Komabe, kubisa si chipolopolo chasiliva chomwe chimathetsa mavuto onse. Decrypted decrypted and decryption key in the process of decrypting and transmitted data are on the server. Chifukwa chake, makiyi amatha kulumikizidwa ndi munthu yemwe ali ndi mwayi wofikira pa seva ya database, monga woyang'anira dongosolo.

Pakakhala fungulo limodzi la gawo lonse la ogwiritsa ntchito onse (ngakhale si onse, koma kwa makasitomala ocheperako), izi sizikhala zabwino komanso zolondola nthawi zonse. Ichi ndichifukwa chake adayamba kubisala kumapeto, mu DBMS adayamba kuganizira zosankha zosungira deta pa kasitomala ndi mbali ya seva, ndipo makiyi omwewo adawonekera - zinthu zosiyana zomwe zimapereka kasamalidwe kofunikira pa DBMS. mbali.

Chitetezo ndi DBMS: zomwe muyenera kukumbukira posankha zida zachitetezo
Chitsanzo cha kubisa kotereku ku MongoDB

Zotetezedwa muzamalonda ndi gwero lotseguka la DBMS

Ntchito
mtundu
Ndondomeko Yachinsinsi
Audit
Kuteteza magwero a ndondomeko ndi ntchito
RLS
Kubisa

Oracle
malonda
+
+
+
+
+

Mssql
malonda
+
+
+
+
+

Jatoba
malonda
+
+
+
+
yophunzitsa

PostgreSQL
Free
yophunzitsa
yophunzitsa
-
+
yophunzitsa

MongoDb
Free
-
+
-
-
Imapezeka mu MongoDB Enterprise yokha

Gome silingathe, koma izi ndi izi: muzinthu zamalonda, mavuto a chitetezo atha kwa nthawi yaitali, poyera, monga lamulo, mtundu wina wa zowonjezera zimagwiritsidwa ntchito pachitetezo, ntchito zambiri zikusowa. , nthawi zina umafunika kuwonjezera zina. Mwachitsanzo, mfundo zachinsinsi - PostgreSQL ili ndi zowonjezera zosiyanasiyana (1, 2, 3, 4, 5), omwe amatsatira malamulo achinsinsi, koma, m'malingaliro mwanga, palibe iliyonse yomwe imakwaniritsa zofunikira zonse zamagulu apanyumba.

Zoyenera kuchita ngati mulibe zomwe mukufuna kulikonse? Mwachitsanzo, mukufuna kugwiritsa ntchito DBMS yeniyeni yomwe ilibe ntchito zomwe kasitomala amafuna.

Ndiye mutha kugwiritsa ntchito mayankho a chipani chachitatu omwe amagwira ntchito ndi ma DBMS osiyanasiyana, mwachitsanzo, Crypto DB kapena Garda DB. Ngati tikukamba za mayankho ochokera kumagulu apakhomo, ndiye kuti amadziwa bwino za GOSTs kusiyana ndi gwero lotseguka.

Njira yachiwiri ndikulemba zomwe mukufuna nokha, gwiritsani ntchito mwayi wofikira ndi kubisa muzolembazo pamlingo wamachitidwe. Zowona, zidzakhala zovuta kwambiri ndi GOST. Koma kawirikawiri, mukhoza kubisala zomwe zikufunikira, kuziyika mu DBMS, kenaka zitengereni ndikuzilemba ngati mukufunikira, pamlingo wa ntchito. Nthawi yomweyo, ganizirani nthawi yomweyo momwe mungatetezere ma aligorivimu mukugwiritsa ntchito. Malingaliro athu, izi ziyenera kuchitidwa pamlingo wa DBMS, chifukwa zidzagwira ntchito mofulumira.

Lipotili linaperekedwa koyamba pa @Databases Meetup ndi Mail.ru Cloud Solutions. Penyani! видео zisudzo zina ndikulembetsa ku zolengeza zochitika pa Telegraph Pafupi ndi Kubernetes ku Mail.ru Group.

Chinanso choti muwerenge pamutuwu:

  1. Kuposa Ceph: Kusungirako kwamtambo kwa MCS.
  2. Momwe mungasankhire nkhokwe ya polojekiti kuti musasankhenso.

Source: www.habr.com

Kuwonjezera ndemanga