ProHoster > Blog > Tsamaiso > Tšireletso le DBMS: seo u lokelang ho se hopola ha u khetha lisebelisoa tsa ts'ireletso

Tšireletso le DBMS: seo u lokelang ho se hopola ha u khetha lisebelisoa tsa ts'ireletso

Tšireletso le DBMS: seo u lokelang ho se hopola ha u khetha lisebelisoa tsa ts'ireletso

Lebitso la ka ke Denis Rozhkov, ke hlooho ea nts'etsopele ea software k'hamphaning ea Gazinformservice, sehlopheng sa lihlahisoa. Jatoba. Melao le melaoana ea khoebo e beha litlhoko tse itseng bakeng sa ts'ireletso ea polokelo ea data. Ha ho na motho ea batlang hore batho ba boraro ba fumane boitsebiso ba lekunutu, kahoo lintlha tse latelang li bohlokoa bakeng sa morero leha e le ofe: ho tsebahatsa le ho netefatsa, ho laola phihlelo ea data, ho netefatsa botšepehi ba tlhahisoleseding tsamaisong, ho rema liketsahalo tsa ts'ireletso. Ka hona, ke batla ho bua ka lintlha tse ling tse khahlisang mabapi le ts'ireletso ea DBMS.

Sengoliloeng se lokiselitsoe ho latela puo ea ho @DatabasesMeetup, hlophisoa Mail.ru Cloud Solutions. Haeba u sa batle ho bala, u ka shebella:


Sengoloa se tla ba le likarolo tse tharo:

  • Mokhoa oa ho boloka likhokahano.
  • Tlhahlobo ea liketso ke eng le mokhoa oa ho rekota se etsahalang ka lehlakoreng la database le ho hokela ho eona.
  • Mokhoa oa ho sireletsa data ho database ka boeona le hore na ke mahlale afe a fumanehang bakeng sa sena.

Tšireletso le DBMS: seo u lokelang ho se hopola ha u khetha lisebelisoa tsa ts'ireletso
Likarolo tse tharo tsa ts'ireletso ea DBMS: ts'ireletso ea khokahano, tlhahlobo ea ts'ebetso le ts'ireletso ea data

Ho sireletsa likhokahano tsa hau

O ka hokela ho database ka kotloloho kapa ka mokhoa o sa tobang ka lits'ebetso tsa webo. E le molao, mosebeletsi oa khoebo, ke hore, motho ea sebetsang le DBMS, o sebelisana le eona ka tsela e sa tobang.

Pele o bua ka ho sireletsa likhokahano, o hloka ho araba lipotso tsa bohlokoa tse bontšang hore na mehato ea ts'ireletso e tla hlophisoa joang:

  • Na mosebelisi a le mong oa khoebo o lekana le mosebelisi a le mong oa DBMS?
  • hore na ho fihlella data ea DBMS ho fanoa feela ka API eo u e laolang, kapa hore na litafole li fumaneha ka ho toba;
  • hore na DBMS e abetsoe karolo e arohaneng e sirelelitsoeng, e sebetsanang le eona le joang;
  • ho sa tsotellehe hore na ho sebelisoa lihlopha / li-proxy le lihlopha tse bohareng, tse ka fetolang tlhahisoleseding mabapi le hore na khokahanyo e hahiloe joang le hore na ke mang ea sebelisang database.

Joale a re boneng hore na ke lisebelisoa life tse ka sebelisoang ho boloka likhokahano:

  1. Sebelisa litharollo tsa sehlopha sa li-firewall tsa database. Sebaka se eketsehileng sa tšireletso, bonyane, se tla eketsa pepeneneng ea se etsahalang ho DBMS, 'me ka ho fetisisa, u tla khona ho fana ka tšireletso e eketsehileng ea data.
  2. Sebelisa maano a password. Tšebeliso ea bona e itšetlehile ka hore na mohaho oa hau o hahiloe joang. Ho sa tsotellehe boemo leha e le bofe, phasewete e le 'ngoe faeleng ea tlhophiso ea kopo ea websaete e amanang le DBMS ha e lekane bakeng sa tšireletso. Ho na le lisebelisoa tse ngata tsa DBMS tse u lumellang ho laola hore mosebelisi le password li hloka ho ntlafatsoa.

    U ka bala haholoanyane ka mesebetsi ea litekanyetso tsa basebelisi mona, u ka boela ua tseba ka MS SQL Vulnerability Assessmen mona

  3. Ntlafatsa maemo a thuto ka lintlha tse hlokahalang. Haeba seboka se opaque, ha u utloisise hore na ke mang ea sebetsang ho DBMS ka har'a moralo oa eona, u ka khona, ka har'a moralo oa ts'ebetso e etsoang, eketsa tlhahisoleseding mabapi le hore na ke mang ea etsang eng le hore na ke hobane'ng. Lintlha tsena li ka bonoa tlhahlobong.
  4. Lokisa SSL haeba u sena karohano ea marang-rang pakeng tsa DBMS le basebelisi ba ho qetela; ha e VLAN e arohaneng. Maemong a joalo, ho bohlokoa ho sireletsa mocha pakeng tsa moreki le DBMS ka boeona. Lisebelisoa tsa ts'ireletso li boetse li fumaneha mohloling o bulehileng.

See se tla ama ts'ebetso ea DBMS joang?

Ha re shebeng mohlala oa PostgreSQL ho bona hore na SSL e ama mojaro oa CPU joang, e eketsa nako le ho fokotsa TPS, le hore na e tla sebelisa lisebelisoa tse ngata haholo haeba u e nolofalletsa.

Ho kenya PostgreSQL ho sebelisa pgbench ke lenaneo le bonolo la ho etsa liteko tsa ts'ebetso. E sebelisa tatelano e le 'ngoe ea litaelo khafetsa, mohlomong ka linako tse tšoanang tsa database, ebe e bala kakaretso ea sekhahla sa thekiso.

Lekola 1 ntle le SSL le ho sebelisa SSL - Khokahano e thehiloe molemong oa khoebo ka 'ngoe:

pgbench.exe --connect -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres sslmode=require 
sslrootcert=rootCA.crt sslcert=client.crt sslkey=client.key"

vs

pgbench.exe --connect -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres"

Lekola 2 ntle le SSL le ho sebelisa SSL - litšebelisano tsohle li etsoa ka khokahanyo e le 'ngoe:

pgbench.exe -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres sslmode=require
sslrootcert=rootCA.crt sslcert=client.crt sslkey=client.key"

vs

pgbench.exe -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres"

Litlhophiso tse ling:

scaling factor: 1
query mode: simple
number of clients: 10
number of threads: 1
number of transactions per client: 5000
number of transactions actually processed: 50000/50000

Liphetho tsa liteko:

 
HA HO SSL
SSL

Khokahano e thehiloe molemong oa khoebo e ngoe le e ngoe

karohano ea morao-rao
171.915 ms
187.695 ms

tps ho kenyelletsa ho theha likhokahano
58.168112
53.278062

tps ntle le ho theha likhokahano
64.084546
58.725846

CPU
24%
28%

Litšebelisano tsohle li etsoa ka khokahanyo e le 'ngoe

karohano ea morao-rao
6.722 ms
6.342 ms

tps ho kenyelletsa ho theha likhokahano
1587.657278
1576.792883

tps ntle le ho theha likhokahano
1588.380574
1577.694766

CPU
17%
21%

Ka meroalo e bobebe, tšusumetso ea SSL e bapisoa le phoso ea tekanyo. Haeba palo ea data e fetisitsoeng e le khōlō haholo, boemo bo ka 'na ba fapana. Haeba re theha khokahanyo e le 'ngoe bakeng sa khoebo e 'ngoe le e 'ngoe (sena ke seoelo, hangata khokahanyo e arolelanoa pakeng tsa basebelisi), o na le palo e kholo ea likhokahano/likhaollo, tšusumetso e kanna ea ba kholo hanyane. Ke hore, ho ka 'na ha e-ba le likotsi tsa ho fokotseha ha ts'ebetso, leha ho le joalo, phapang ha e kholo hoo u sa sebeliseng tšireletso.

Ka kopo hlokomela hore ho na le phapang e matla haeba u bapisa mekhoa ea ts'ebetso: u sebetsa ka har'a seboka se le seng kapa ka tse fapaneng. Sena sea utloahala: lisebelisoa li sebelisoa ho theha khokahano ka 'ngoe.

Re ne re e-na le nyeoe ha re hokahanya Zabbix ka mokhoa oa tšepo, ke hore, md5 ha ea hlahlojoa, ho ne ho se na tlhokahalo ea ho netefatsa. Ebe moreki o kopa ho lumella mokhoa oa netefatso oa md5. Sena se ile sa beha moroalo o boima ho CPU, mme ts'ebetso ea theoha. Re ile ra qala ho batla litsela tsa ho ntlafatsa. E 'ngoe ea tharollo e ka khonehang ea bothata ke ho kenya ts'ebetsong lithibelo tsa marang-rang, ho etsa li-VLAN tse arohaneng bakeng sa DBMS, eketsa litlhophiso ho hlakisa hore na ke mang ea hokelang ho tloha kae le ho tlosa netefatso. ka kakaretso ts'ebeliso ea mekhoa e fapaneng ea netefatso e ama ts'ebetso mme e hloka ho ela hloko lintlha tsena ha o theha matla a komporo ea li-server (hardware) bakeng sa DBMS.

Qetello: ka litharollo tse 'maloa, esita le li-nuances tse nyenyane tsa ho netefatsa li ka ama morero haholo' me ho mpe ha sena se hlaka feela ha se kenngoa ts'ebetsong.

Tlhahlobo ea liketso

Audit e ka se be DBMS feela. Tlhahlobo e mabapi le ho fumana tlhahisoleseling mabapi le se etsahalang likarolong tse fapaneng. Sena e ka ba firewall ea database kapa sistimi e sebetsang eo DBMS e hahiloeng ho eona.

Boemong ba khoebo ea DBMS tsohle li hantle ka tlhahlobo ea libuka, empa mohloling o bulehileng - eseng kamehla. Mona ke seo PostgreSQL e nang le sona:

  • log ea kamehla - ho rema lifate tse hahiloeng;
  • extensions: pgaudit - haeba ho rema lifate ha hoa lekana bakeng sa hau, u ka sebelisa litlhophiso tse arohaneng tse rarollang mathata a mang.

Keketso tlalehong ea video:

"Ho rema lifate tsa motheo ho ka fanoa ke setsi se tloaelehileng sa ho rema lifate se nang le log_statement = tsohle.

Sena se amoheleha bakeng sa tlhahlobo le lits'ebeliso tse ling, empa ha se fane ka boemo ba lintlha tse hlokahalang bakeng sa tlhahlobo.

Ha hoa lekana ho ba le lethathamo la lits'ebetso tsohle tse entsoeng ho database.

Hape ho ka khoneha ho fumana lipolelo tse tobileng tse khahlang mohlahlobi.

Ho rengoa ha lifate ka mokhoa o tloaelehileng ho bontša seo mosebelisi a se kopileng, ha pgAudit e shebane le lintlha tsa se etsahetseng ha database e etsa potso.

Ka mohlala, mohlahlobi a ka 'na a batla ho netefatsa hore tafole e itseng e entsoe ka har'a fensetere ea tlhokomelo e ngotsoeng.

Sena se kanna sa utloahala e le mosebetsi o bonolo o nang le tlhahlobo ea mantlha le grep, empa ho thoe'ng haeba u ka hlahisoa ka mohlala ona (o ferekanyang ka boomo):

DO$$
QALA
PHETHA 'CREATE TABLE import' || 'ant_table(id int)';
QETELA$$;

Ho rema lifate ho tla u fa sena:

LOG: polelo: ETSA $$
QALA
PHETHA 'CREATE TABLE import' || 'ant_table(id int)';
QETELA$$;

Ho bonahala eka ho fumana tafole ea thahasello ho ka hloka tsebo e itseng ea khoutu maemong ao litafole li entsoeng ka matla.

Sena ha se hantle, kaha ho ka ba molemo ho batla feela ka lebitso la tafole.

Mona ke moo pgAudit e tlang teng.

Bakeng sa kenyelletso e tšoanang, e tla hlahisa tlhahiso ena ho log:

TLHAHLOBO: THUTO,33,1, MOSEBETSI,ETSA,,"ETSA $$
QALA
PHETHA 'CREATE TABLE import' || 'ant_table(id int)';
END$$;"
TLHOKOMELISO: THUTO,33,2,DDL,CREATE TABLE,TABLE,public.important_tafole,ETSA LETAFOLE_bohlokoa_tafole (id INT)

Ha se feela DO block e kentsoeng, empa hape le mongolo o felletseng oa CREATE TABLE e nang le mofuta oa polelo, mofuta oa ntho, le lebitso le felletseng, e leng ho nolofalletsang ho batla.

Ha ho rengoa liphatlalatso tsa SELECT le DML, pgAudit e ka hlophisoa hore e kene ka thoko bakeng sa kamano e 'ngoe le e 'ngoe e boletsoeng polelong.

Ha ho hlokehe ho arola ho fumana lipolelo tsohle tse amang tafole e itseng(*) ».

See se tla ama ts'ebetso ea DBMS joang?

Ha re sebetseng liteko ka tlhahlobo e felletseng 'me re bone se etsahalang ka ts'ebetso ea PostgreSQL. Ha re lumelle ho rengoa ha database bakeng sa liparamente tsohle.

Ha re fetole letho faeleng ea tlhophiso, ntho ea bohlokoahali ke ho bulela mokhoa oa debug5 ho fumana tlhaiso-leseling e ngata.

postgresql.conf

log_destination = 'stderr'
logging_collector = on
log_truncate_on_rotation = ho
log_rotation_age = 1d
log_rotation_size = 10MB
log_min_messages = debug5
log_min_error_statement = debug5
log_min_duration_statement = 0
debug_print_parse = on
debug_print_rewritten = on
debug_print_plan = on
debug_pretty_print = butle
log_checkpoints = ho
log_connections = ho
log_disconnections = ho
log_duration = ho
log_hostname = on
log_lock_wait = butle
log_replication_commands = ho
log_temp_files = 0
log_timezone = 'Europe/Moscow'

Ho PostgreSQL DBMS e nang le liparamente tsa 1 CPU, 2,8 GHz, 2 GB RAM, 40 GB HDD, re etsa liteko tse tharo tsa mojaro re sebelisa litaelo:

$ pgbench -p 3389 -U postgres -i -s 150 benchmark
$ pgbench -p 3389 -U postgres -c 50 -j 2 -P 60 -T 600 benchmark
$ pgbench -p 3389 -U postgres -c 150 -j 2 -P 60 -T 600 benchmark

Liphetho tsa liteko:

Ha ho rengoe lifate
Ka ho rema lifate

Kakaretso ea nako ea ho tlatsa database
Metsotsoana e 43,74
Metsotsoana e 53,23

RAM
24%
40%

CPU
72%
91%

Teko ea 1 (50 likhokahano)

Nomoro ea mesebetsi ka metsotso e 10
74169
32445

Litšebelisano/metsotsoana
123
54

Karolelano ea Latency
405 ms
925 ms

Teko ea 2 (150 ea likhokahano le 100 e ka khonehang)

Nomoro ea mesebetsi ka metsotso e 10
81727
31429

Litšebelisano/metsotsoana
136
52

Karolelano ea Latency
550 ms
1432 ms

Mabapi le boholo

DB boholo
2251 MB
2262 MB

Boholo ba polokelo ea polokelo ea litaba
0 MB
4587 MB

Ntlha ea bohlokoa: tlhahlobo e felletseng ha e ntle haholo. Lintlha tse tsoang tlhatlhobong li tla ba kholo joalo ka data e ho database ka boeona, kapa ho feta. Palo ea ho rema lifate e hlahisoang ha u sebetsa le DBMS ke bothata bo tloaelehileng tlhahisong.

Ha re shebeng li-parameter tse ling:

  • Lebelo ha le fetohe haholo: ntle le ho rema lifate - metsotsoana ea 43,74, ka ho rema lifate - metsotsoana e 53,23.
  • Ts'ebetso ea RAM le CPU e tla senyeha, kaha o hloka ho hlahisa faele ea tlhahlobo. Sena se boetse se bonahala tlhahisong.

Ha palo ea likhokahano e ntse e eketseha, ka tlhaho, ts'ebetso e tla senyeha hanyane.

Lik'hamphaning tse nang le audit ho thata le ho feta:

  • ho na le data e ngata;
  • ho hlahloba ha ho hlokehe feela ka syslog ho SIEM, empa hape le lifaeleng: haeba ho hong ho etsahala ho syslog, ho tlameha ho ba le faele e haufi le database eo data e bolokiloeng ho eona;
  • bakeng sa ho hlahloba, ho hlokahala sethala se arohaneng e le hore u se ke ua senya li-disk tsa I / O, kaha ho nka sebaka se ngata;
  • Hoa etsahala hore basebeletsi ba ts'ireletso ea tlhahisoleseding ba hloka litekanyetso tsa GOST hohle, ba hloka boitsebiso ba naha.

E thibela ho fihlella data

Ha re shebeng mahlale a sebelisoang ho sireletsa data le ho e fihlella ho li-DBMS tsa khoebo le mohloling o bulehileng.

Seo u ka se sebelisang ka kakaretso:

  1. Encryption le obfuscation ea mekhoa le mesebetsi (Wrapping) - ke hore, lisebelisoa tse arohaneng le lisebelisoa tse etsang hore khoutu e balehe e se ke ea baloa. Ke 'nete hore e ke ke ea fetoloa kapa ea khutlisetsoa morao. Ka linako tse ling mokhoa ona oa hlokahala bonyane ka lehlakoreng la DBMS - logic ea lithibelo tsa laesense kapa logic ea tumello e patiloe ka mokhoa o nepahetseng molemong oa ts'ebetso le boemo ba ts'ebetso.
  2. Ho fokotsa ponahalo ea data ka mela (RLS) ke ha basebelisi ba fapaneng ba bona tafole e le 'ngoe, empa sebopeho se fapaneng sa mela ho eona, ke hore, ntho e ke keng ea bontšoa ho motho ea boemong ba tatellano.
  3. Ho hlophisa data e bonts'itsoeng (Masking) ke ha basebelisi ba kholomong e le 'ngoe ea tafole ba bona data kapa linaleli feela, ke hore, ho basebelisi ba bang tlhahisoleseling e tla koaloa. Theknoloji e etsa qeto ea hore na ke mosebelisi ofe ea bontšitsoeng ho latela boemo ba bona ba phihlello.
  4. Taolo ea phihlello ea DBA / Kopo ea DBA / DBA e mabapi le ho thibela phihlello ho DBMS ka boeona, ke hore, basebetsi ba ts'ireletso ea tlhahisoleseling ba ka arohanngoa le batsamaisi ba database le batsamaisi ba kopo. Ho na le mahlale a fokolang a joalo mohloling o bulehileng, empa ho na le tse ngata ho li-DBMS tsa khoebo. Lia hlokahala ha ho na le basebelisi ba bangata ba nang le phihlello ea li-server ka bobona.
  5. E thibela phihlello ea lifaele boemong ba sistimi ea faele. U ka fana ka litokelo le litokelo tsa phihlello ho li-directory e le hore molaoli e mong le e mong a fumane data e hlokahalang feela.
  6. Phihlello e tlamang le ho hlakola mohopolo - litheknoloji tsena ha li sebelisoe hangata.
  7. Encryption ea ho qetela ho isa pheletsong ka kotloloho ho tsoa ho DBMS ke encryption ea lehlakore la bareki e nang le taolo ea bohlokoa ka lehlakoreng la seva.
  8. Kholiso ea data. Mohlala, encryption ea columnar ke ha o sebelisa mochini o kentseng kholumo e le 'ngoe ea database.

See se ama ts'ebetso ea DBMS joang?

Ha re shebeng mohlala oa encryption ea columnar ho PostgreSQL. Ho na le module ea pgcrypto, e u lumellang ho boloka masimo a khethiloeng ka mokhoa o patiloeng. Sena se na le thuso ha feela data e itseng e le ea bohlokoa. Ho bala likarolo tse patiloeng, moreki o fetisetsa senotlolo sa decryption, seva e hlakola data ebe e e khutlisetsa ho moreki. Ntle le senotlolo, ha ho motho ea ka etsang letho ka data ea hau.

Ha re lekeng ka pgcrypto. Ha re theheng tafole e nang le data e patiloeng le data e tloaelehileng. Ka tlase ke litaelo tsa ho theha litafole, moleng oa pele ho na le taelo e sebetsang - ho theha katoloso ka boeona ka ngoliso ea DBMS:

CREATE EXTENSION pgcrypto;
CREATE TABLE t1 (id integer, text1 text, text2 text);
CREATE TABLE t2 (id integer, text1 bytea, text2 bytea);
INSERT INTO t1 (id, text1, text2)
VALUES (generate_series(1,10000000), generate_series(1,10000000)::text, generate_series(1,10000000)::text);
INSERT INTO t2 (id, text1, text2) VALUES (
generate_series(1,10000000),
encrypt(cast(generate_series(1,10000000) AS text)::bytea, 'key'::bytea, 'bf'),
encrypt(cast(generate_series(1,10000000) AS text)::bytea, 'key'::bytea, 'bf'));

Ka mor'a moo, ha re leke ho etsa sampole ea data ho tsoa tafoleng ka 'ngoe ebe re sheba linako tsa ho bolaoa.

Ho khetha ho tsoa tafoleng ntle le ts'ebetso ea encryption:

psql -c "timing" -c "select * from t1 limit 1000;" "host=192.168.220.129 dbname=taskdb
user=postgres sslmode=disable" > 1.txt

Stopwatch se butswe.

  id | mongolo1 | mongolo2
——+———-+——-
1 | 1 | 1
2 | 2 | 2
3 | 3 | 3
...
997 | 997 | 997
998 | 998 | 998
999 | 999 | 999
1000 | 1000 | 1000
(1000 mela)

Nako: 1,386 ms

Khetho ho tsoa tafoleng e nang le ts'ebetso ea encryption:

psql -c "timing" -c "select id, decrypt(text1, 'key'::bytea, 'bf'),
decrypt(text2, 'key'::bytea, 'bf') from t2 limit 1000;"
"host=192.168.220.129 dbname=taskdb user=postgres sslmode=disable" > 2.txt

Stopwatch se butswe.

  id | decrypt | decrypt
——+——————+—————
1 | x31 | x31
2 | x32 | x32
3 | x33 | x33
...
999 | x393939 | x393939
1000 | x31303030 | x31303030
(1000 mela)

Nako: 50,203 ms

Liphetho tsa liteko:

 
Ntle le encryption
Pgcrypto (decrypt)

Mohlala oa mela e 1000
1,386 ms
50,203 ms

CPU
15%
35%

RAM
 
+ 5%

Encryption e na le tšusumetso e kholo ts'ebetsong. Hoa bonahala hore nako e eketsehile, kaha ts'ebetso ea decryption ea data e patiloeng ('me hangata decryption e ntse e phuthetsoe mohopolong oa hau) e hloka lisebelisoa tsa bohlokoa. Ka mantsoe a mang, mohopolo oa ho kenyelletsa likholomo tsohle tse nang le lintlha tse ling o tletse ho fokotseha ha ts'ebetso.

Leha ho le joalo, encryption ha se bullet ea silevera e rarollang mathata ohle. Lintlha tse hlakotsoeng le senotlolo sa decryption nakong ea ts'ebetso ea ho hlakola le ho fetisa data li fumaneha ho seva. Ka hona, linotlolo li ka ts'oaroa ke motho ea nang le phihlello e felletseng ho seva sa database, joalo ka motsamaisi oa sistimi.

Ha ho na le senotlolo se le seng bakeng sa kholomo eohle bakeng sa basebelisi bohle (le haeba e se bakeng sa bohle, empa bakeng sa bareki ba sete e lekanyelitsoeng), sena ha se kamehla se setle ebile se nepahetse. Ke ka lebaka leo ba ileng ba qala ho etsa encryption ea ho qetela, ho DBMS ba ile ba qala ho nahana ka likhetho tsa ho ngolla data ho mofani le lehlakoreng la seva, 'me ho ile ha hlaha li-keyboards tse tšoanang - lihlahisoa tse fapaneng tse fanang ka tsamaiso ea bohlokoa ho DBMS. lehlakore.

Tšireletso le DBMS: seo u lokelang ho se hopola ha u khetha lisebelisoa tsa ts'ireletso
Mohlala oa encryption e joalo ho MongoDB

Lintlha tsa ts'ireletso ho DBMS ea khoebo le e bulehileng

Mesebetsi
Tšoaea
Leano la Lekunutu
Tlhahlobo
Ho sireletsa khoutu ea mohloli oa mekhoa le mesebetsi
EPIRB
taetsitshireletso

oracle
khoebo
+
+
+
+
+

MsSql
khoebo
+
+
+
+
+

Jatoba
khoebo
+
+
+
+
atolositsoeng

PostgreSQL
Free
atolositsoeng
atolositsoeng
-
+
atolositsoeng

MongoDb
Free
-
+
-
-
E fumaneha ho MongoDB Enterprise feela

Tafole ha e fele, empa boemo ke bona: lihlahisoa tsa khoebo, mathata a ts'ireletso a rarollotsoe ka nako e telele, mohloling o bulehileng, e le molao, mefuta e meng ea li-add-on e sebelisetsoa ts'ireletso, mesebetsi e mengata e haella. , ka linako tse ling u tlameha ho eketsa ho hong. Mohlala, maano a password - PostgreSQL e na le likeketso tse ngata tse fapaneng (1, 2, 3, 4, 5), e sebelisang maano a password, empa, ka maikutlo a ka, ha ho le e 'ngoe ea tsona e koahelang litlhoko tsohle tsa karolo ea khoebo ea lapeng.

Seo u lokelang ho se etsa haeba u se na seo u se hlokang kae kapa kae? Ka mohlala, u batla ho sebelisa DBMS e itseng e se nang mesebetsi eo moreki a e hlokang.

Joale u ka sebelisa litharollo tsa motho oa boraro tse sebetsang le li-DBMS tse fapaneng, mohlala, Crypto DB kapa Garda DB. Haeba re bua ka tharollo e tsoang karolong ea malapeng, joale ba tseba ka GOSTs ho feta mohloling o bulehileng.

Khetho ea bobeli ke ho ngola seo u se hlokang, kenya ts'ebetso ea phihlello ea data le encryption ts'ebelisong maemong a ts'ebetso. 'Nete, ho tla ba thata le ho feta ka GOST. Empa ka kakaretso, o ka pata data ha ho hlokahala, o e kenye ho DBMS, ebe o e khutlisa le ho e hlakola ha ho hlokahala, hantle boemong ba kopo. Ka nako e ts'oanang, hang-hang nahana ka hore na u tla sireletsa li-algorithms tsena joang ts'ebetsong. Ka maikutlo a rona, sena se lokela ho etsoa boemong ba DBMS, hobane se tla sebetsa ka potlako.

Tlaleho ena e ile ea hlahisoa ka lekhetlo la pele ho @Databases Meetup ka Mail.ru Cloud Solutions. Sheba видео litšoantšiso tse ling 'me u ingolisetse liphatlalatso tsa ketsahalo ho Telegraph Ho pota Kubernetes ho Mail.ru Group.

Ke eng hape eo u lokelang ho e bala ka sehlooho:

  1. Ho feta Ceph: polokelo ea leru la MCS.
  2. Mokhoa oa ho khetha database bakeng sa morero e le hore u se ke ua tlameha ho khetha hape.

Source: www.habr.com

Eketsa ka tlhaloso