Encryption in MySQL: Master Key Rotation

In anticipation of the start of a new enrollment for the "Database" course, we continue publishing a series of articles about encryption in MySQL.

In the previous article we discussed how master key encryption works. Today, building on what we already know, let's look at master key rotation.

Master key rotation consists of generating a new master key and re-encrypting the tablespace keys (which are stored in the tablespace headers) with that new key.

Let's recall what the header of an encrypted tablespace looks like:

[Figure: layout of the encryption header of a tablespace]

From the previous article we know that at startup the server reads the headers of all encrypted tablespaces and remembers the largest KEY ID. For example, if we have three tables with KEY ID = 3 and one table with KEY ID = 4, the largest master key id is 4. Let's call this id MAX KEY ID.

How master key rotation works

1. The user issues ALTER INNODB MASTER KEY.

2. The server asks the keyring to generate a new master key with the server UUID and a KEY ID equal to MAX_KEY_ID plus one. So we get a master key id equal to INNODBKEY-UUID-(MAX_KEY_ID + 1). Once the master key has been generated successfully, MAX_KEY_ID is incremented by one (i.e. MAX_KEY_ID = MAX_KEY_ID + 1).

3. The server goes through all tablespaces encrypted with the master key, and for each tablespace:

  • re-encrypts the tablespace key with the new master key;

  • updates the key id to the new MAX_KEY_ID;

  • if the UUID differs from the server UUID, updates it to the server UUID.

As we know, the master key id used to decrypt a table consists of the UUID and the KEY ID read from the tablespace header. What we are doing here is updating that information in the tablespace encryption header so that the server fetches the correct key.

If we have tablespaces from different sources, such as different backups, they may use different master keys. All of those master keys would have to be fetched from the keyring at server startup. This can slow startup down, especially if a server-side key store is used. With master key rotation we re-encrypt the tablespace keys with a single master key that is the same for all tablespaces. The server then has to fetch only one master key at startup.

This, of course, is just a pleasant side effect. The main purpose of master key rotation is to make our server more secure. If the master key has somehow been stolen (for example, from a Vault server), it is possible to generate a new master key and re-encrypt the tablespace keys, invalidating the stolen one. We are safe... almost.

In the previous article I talked about how, once a tablespace key has been stolen, a third party can use it to decrypt the data. Provided they have access to our disk. If the master key has been stolen and you have access to the encrypted data, you can use the stolen master key to decrypt the tablespace key and obtain the decrypted data. As you can see, master key rotation does not help in this case. We re-encrypt the tablespace key with the new master key, but the actual key used to encrypt/decrypt the data stays the same. So the "hacker" can keep decrypting the data. I mentioned earlier that Percona Server for MySQL can perform actual re-encryption of a tablespace, not just simple re-encryption of the tablespace keys. This feature is called encryption threads. However, at the moment this functionality is still experimental.
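The steps above as an added example, not code from the article or from MySQL/Percona: a model of the header fields the article describes (UUID, KEY ID, wrapped tablespace key plus a CRC32 check), the MAX_KEY_ID scan, and the rotation loop. The HMAC-SHA256 keystream wrap is a constructed stand-in for the AES wrap InnoDB really uses, and the key naming follows the article's INNODBKEY-UUID-KEYID format; the real on-disk header layout is not reproduced.

```python
import hashlib
import hmac
import os
import zlib
from dataclasses import dataclass

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in for the AES wrap InnoDB really uses (constructed for this example):
    # an HMAC-SHA256 counter keystream XORed over the data. Symmetric, so it also unwraps.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

@dataclass
class Header:
    uuid: str        # UUID of the server that wrapped the key
    key_id: int      # KEY ID; together with uuid it names the master key
    wrapped: bytes   # tablespace key encrypted with that master key
    crc: int         # CRC32 of the plaintext tablespace key, detects a wrong master key

def master_key_name(uuid: str, key_id: int) -> str:
    return f"INNODBKEY-{uuid}-{key_id}"

def max_key_id(headers) -> int:
    # What the server computes at startup by scanning every encrypted tablespace header.
    return max(h.key_id for h in headers)

def wrap(master: bytes, ts_key: bytes, uuid: str, key_id: int) -> Header:
    return Header(uuid, key_id, keystream_xor(master, ts_key), zlib.crc32(ts_key))

def unwrap(header: Header, keyring: dict) -> bytes:
    master = keyring[master_key_name(header.uuid, header.key_id)]
    ts_key = keystream_xor(master, header.wrapped)
    if zlib.crc32(ts_key) != header.crc:
        raise ValueError("tablespace key checksum mismatch: wrong master key")
    return ts_key

def rotate(headers, keyring: dict, server_uuid: str):
    # Steps 2 and 3 of the article: a new master key under MAX_KEY_ID + 1, then every
    # header re-wrapped with it, its key id bumped and its UUID set to this server's.
    # The tablespace key itself is unchanged, which is the limitation discussed above.
    new_id = max_key_id(headers) + 1
    new_master = os.urandom(32)
    keyring[master_key_name(server_uuid, new_id)] = new_master
    return [wrap(new_master, unwrap(h, keyring), server_uuid, new_id) for h in headers]
```

After rotation every header names one master key of this server, so startup needs a single keyring fetch, while unwrapping still yields the original tablespace keys.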

Master key rotation is useful when the master key has been stolen but there is no way the attacker could have used it to decrypt the tablespace keys.


Source: www.habr.com