I-ProHoster > Блог > Ukuphatha > Ukuphepha kanye ne-DBMS: yini okudingeka uyikhumbule lapho ukhetha amathuluzi okuphepha

Ukuphepha kanye ne-DBMS: yini okudingeka uyikhumbule lapho ukhetha amathuluzi okuphepha

Ukuphepha kanye ne-DBMS: yini okudingeka uyikhumbule lapho ukhetha amathuluzi okuphepha

Igama lami ngingu-Denis Rozhkov, ngiyinhloko yokuthuthukiswa kwesofthiwe enkampanini ye-Gazinformservice, eqenjini lomkhiqizo. Jatoba. Imithetho nemithetho yebhizinisi ibeka izidingo ezithile zokuvikela ukugcinwa kwedatha. Akekho ofuna abantu besithathu bathole ukufinyelela olwazini oluyimfihlo, ngakho-ke izindaba ezilandelayo zibalulekile kunoma iyiphi iphrojekthi: ukuhlonza nokuqinisekisa, ukuphatha ukufinyelela kudatha, ukuqinisekisa ubuqotho bolwazi ohlelweni, ukugawulwa kwemicimbi yokuphepha. Ngakho-ke, ngifuna ukukhuluma ngamanye amaphuzu athakazelisayo mayelana nokuphepha kwe-DBMS.

Isihloko salungiswa sisekelwe enkulumweni ethi @DatabasesMeetup, ihlelekile I-Mail.ru Cloud Solutions. Uma ungafuni ukufunda, ungabuka:


I-athikili izoba nezingxenye ezintathu:

  • Indlela yokuvikela ukuxhumana.
  • Kuyini ukucwaninga kwezenzo nokuthi uqopha kanjani okwenzekayo ohlangothini lwedathabheyisi futhi uxhumeke kuyo.
  • Uyivikela kanjani idatha kusizindalwazi uqobo nokuthi yibuphi ubuchwepheshe obukhona kulokhu.

Ukuphepha kanye ne-DBMS: yini okudingeka uyikhumbule lapho ukhetha amathuluzi okuphepha
Izingxenye ezintathu zokuvikeleka kwe-DBMS: ukuvikelwa kokuxhumeka, ukuhlola umsebenzi nokuvikelwa kwedatha

Ukuvikela ukuxhumana kwakho

Ungakwazi ukuxhuma kusizindalwazi ngokuqondile noma ngokungaqondile ngokusebenzisa izinhlelo zokusebenza zewebhu. Njengomthetho, umsebenzisi webhizinisi, okungukuthi, umuntu osebenza ne-DBMS, uxhumana nayo ngokungaqondile.

Ngaphambi kokukhuluma ngokuvikela ukuxhumana, udinga ukuphendula imibuzo ebalulekile enquma ukuthi izindlela zokuphepha zizohlelwa kanjani:

  • Ingabe umsebenzisi oyedwa webhizinisi ulingana nomsebenzisi oyedwa we-DBMS?
  • ukuthi ukufinyelela kudatha ye-DBMS kunikezwa kuphela nge-API oyilawulayo, noma ukuthi amathebula afinyelelwa ngokuqondile;
  • ukuthi i-DBMS yabelwe ingxenye evikelekile ehlukile, oxhumana nayo nokuthi kanjani;
  • noma ngabe kusetshenziswa izendlalelo zokuhlanganisa/ummeleli kanye nezimaphakathi, ezingashintsha ulwazi mayelana nendlela uxhumo lwakhiwe ngayo nokuthi ubani osebenzisa isizindalwazi.

Manje ake sibone ukuthi yimaphi amathuluzi angasetshenziswa ukuvikela ukuxhumana:

  1. Sebenzisa izixazululo zekilasi le-firewall lesizindalwazi. Isendlalelo esengeziwe sokuvikela sizothi, okungenani, sikhulise ukucaca kwalokho okwenzekayo ku-DBMS, futhi ngokwesilinganiso esiphezulu, uzokwazi ukunikeza ukuvikelwa kwedatha okwengeziwe.
  2. Sebenzisa izinqubomgomo zephasiwedi. Ukusetshenziswa kwazo kuncike ekutheni i-architecture yakho yakhiwe kanjani. Kunoma ikuphi, iphasiwedi eyodwa kufayela lokucushwa lohlelo lokusebenza lwewebhu oluxhuma ku-DBMS alanele ukuvikelwa. Kukhona inani lamathuluzi e-DBMS akuvumela ukuthi ulawule ukuthi umsebenzisi nephasiwedi zidinga ukubuyekezwa.

    Ungafunda kabanzi mayelana nemisebenzi yokulinganisa yomsebenzisi lapha, ungathola futhi mayelana ne-MS SQL Vulnerability Assessmen lapha

  3. Cebisa umongo weseshini ngolwazi oludingekayo. Uma iseshini i-opaque, awuqondi ukuthi ubani osebenza ku-DBMS ngaphakathi kohlaka lwayo, ungakwazi, ngaphakathi kohlaka lomsebenzi owenziwayo, wengeze ulwazi mayelana nokuthi ubani owenza ini nokuthi kungani. Lolu lwazi lungabonakala ekucwaningweni kwamabhuku.
  4. Lungiselela i-SSL uma ungenakho ukuhlukaniswa kwenethiwekhi phakathi kwe-DBMS nabasebenzisi bokugcina; ayikho ku-VLAN ehlukile. Ezimweni ezinjalo, kubalulekile ukuvikela isiteshi phakathi komthengi kanye ne-DBMS ngokwayo. Amathuluzi okuphepha nawo ayatholakala kumthombo ovulekile.

Lokhu kuzokuthinta kanjani ukusebenza kwe-DBMS?

Ake sibheke isibonelo se-PostgreSQL ukuze sibone ukuthi i-SSL iwuthinta kanjani umthwalo we-CPU, yandisa izikhathi futhi yehlise i-TPS, nokuthi izodla izinsiza eziningi yini uma uyinika amandla.

Ukulayisha i-PostgreSQL usebenzisa i-pgbench wuhlelo olulula lokuqhuba izivivinyo zokusebenza. Isebenzisa ukulandelana okukodwa kwemiyalo ngokuphindaphindiwe, ngokunokwenzeka kumaseshini esizindalwazi afanayo, bese ibala isilinganiso sezinga lokwenziwe.

Hlola 1 ngaphandle kwe-SSL futhi usebenzisa i-SSL - Ukuxhumana kusungulwe kukho konke okwenziwayo:

pgbench.exe --connect -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres sslmode=require 
sslrootcert=rootCA.crt sslcert=client.crt sslkey=client.key"

vs

pgbench.exe --connect -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres"

Hlola 2 ngaphandle kwe-SSL futhi usebenzisa i-SSL - konke ukuthengiselana kwenziwa ngoxhumano olulodwa:

pgbench.exe -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres sslmode=require
sslrootcert=rootCA.crt sslcert=client.crt sslkey=client.key"

vs

pgbench.exe -c 10 -t 5000 "host=192.168.220.129 dbname=taskdb user=postgres"

Ezinye izilungiselelo:

scaling factor: 1
query mode: simple
number of clients: 10
number of threads: 1
number of transactions per client: 5000
number of transactions actually processed: 50000/50000

Imiphumela yokuhlolwa:

 
AYIKHO i-SSL
I-SSL

Uxhumano luyasungulwa kukho konke okwenziwayo

i-latency average
I-171.915 ms
I-187.695 ms

tps kufaka phakathi ukusungulwa kokuxhumana
58.168112
53.278062

tps ngaphandle kokusungulwa kokuxhumana
64.084546
58.725846

CPU
24%
28%

Konke ukuthengiselana kwenziwa ngoxhumano olulodwa

i-latency average
I-6.722 ms
I-6.342 ms

tps kufaka phakathi ukusungulwa kokuxhumana
1587.657278
1576.792883

tps ngaphandle kokusungulwa kokuxhumana
1588.380574
1577.694766

CPU
17%
21%

Ekulayishweni okulula, umthelela we-SSL ufaniswa nephutha lokulinganisa. Uma inani ledatha elidlulisiwe likhulu kakhulu, isimo singase sihluke. Uma sisungula uxhumano olulodwa ngomsebenzi ngamunye (lokhu akuvamile, ngokuvamile ukuxhumana kwabelwa abasebenzisi), unenombolo enkulu yokuxhumeka/okunqanyuliwe, umthelela ungase ube mkhulu kancane. Okusho ukuthi, kungase kube nezingozi zokwehla kokusebenza, noma kunjalo, umehluko awumkhulu kakhulu ukuthi ungasebenzisi ukuvikela.

Sicela uqaphele ukuthi kunomehluko oqinile uma uqhathanisa izindlela zokusebenza: usebenza phakathi nesikhathi esifanayo noma kwezihlukene. Lokhu kuyaqondakala: izinsiza zisetshenziswa ekudaleni ukuxhumana ngakunye.

Sibe necala lapho sixhuma i-Zabbix kumodi yokuthembela, okungukuthi, i-md5 ayizange ihlolwe, sasingekho isidingo sokuqinisekisa. Bese ikhasimende licela ukunika amandla imodi yokuqinisekisa ye-md5. Lokhu kubeka umthwalo osindayo ku-CPU, futhi ukusebenza kwehla. Saqala ukufuna izindlela zokuthuthukisa. Esinye sezixazululo ezingaba khona zenkinga ukusebenzisa imikhawulo yenethiwekhi, ukwenza ama-VLAN ahlukene e-DBMS, engeza izilungiselelo ukuze kucace ukuthi ubani oxhuma kusuka kuphi futhi asuse ukufakazela ubuqiniso. Ungakwazi futhi nokuthuthukisa izilungiselelo zokuqinisekisa ukuze unciphise izindleko uma uvumela ukufakazela ubuqiniso, kodwa ngokuvamile ukusetshenziswa kwezindlela ezihlukene zokuqinisekisa kuthinta ukusebenza futhi kudinga ukucabangela lezi zici lapho uklama amandla ekhompuyutha amaseva (izingxenyekazi zekhompyutha) ze-DBMS.

Isiphetho: ngenani lezixazululo, ngisho nama-nuances amancane ekuqinisekiseni angathinta kakhulu iphrojekthi futhi kubi uma lokhu kuba sobala kuphela lapho kuqaliswa ekukhiqizeni.

Ukuhlolwa kwesenzo

Ukuhlola angeke kube yi-DBMS kuphela. Ukucwaningwa kwamabhuku kumayelana nokuthola ulwazi ngokwenzeka ezingxenyeni ezahlukene. Lokhu kungaba i-firewall egciniwe noma isistimu yokusebenza lapho i-DBMS yakhelwe khona.

Ezingeni lebhizinisi lezentengiselwano ama-DBMS konke kuhamba kahle ngokucwaningwa kwamabhuku, kodwa emthonjeni ovulekile - hhayi njalo. Nakhu okushiwo yi-PostgreSQL:

  • ilogi ezenzakalelayo - ukungena okwakhelwe ngaphakathi;
  • izandiso: pgaudit - uma ukungena okuzenzakalelayo kungenele kuwe, ungasebenzisa izilungiselelo ezihlukene ezixazulula izinkinga ezithile.

Ukwengezwa embikweni kuvidiyo:

"Ukugawula izitatimende eziyisisekelo kungahlinzekwa yisikhungo esijwayelekile sokugawula nge-log_statement = konke.

Lokhu kwamukelekile ekuqapheni nokunye ukusetshenziswa, kodwa akunikezi izinga lemininingwane ngokuvamile edingekayo ekucwaningeni.

Akwanele ukuba nohlu lwayo yonke imisebenzi eyenziwa kusizindalwazi.

Kufanele futhi kutholakale izitatimende ezithile ezithakaselwa umcwaningi mabhuku.

Ukungena ngemvume okujwayelekile kubonisa lokho okucelwe umsebenzisi, kuyilapho i-pgAudit igxile emininingwaneni yokwenzeka lapho isizindalwazi senza umbuzo.

Isibonelo, umcwaningi mabhuku angase afune ukuqinisekisa ukuthi ithebula elithile ladalwa ngaphakathi kwewindi lokulungisa elibhaliwe.

Lokhu kungase kubonakale kuwumsebenzi olula onokucwaninga okuyisisekelo kanye ne-grep, kodwa kuthiwani uma wethulwe ngento efana nalesi (isibonelo esididayo ngamabomu):

DO$$
QALA
SENZA 'DALA Ukungenisa kweTHEBULA' || 'ant_table(id int)';
END$$;

Ukugawula okujwayelekile kuzokunikeza lokhu:

I-LOG: isitatimende: YENZA $$
QALA
SENZA 'DALA Ukungenisa kweTHEBULA' || 'ant_table(id int)';
END$$;

Kubonakala sengathi ukuthola ithebula lokuthakaselayo kungase kudinge ulwazi oluthile lwekhodi ezimeni lapho amathebula enziwa khona ngamandla.

Lokhu akulungile, njengoba kungaba kuhle ukumane useshe ngegama lethebula.

Kulapho i-pgAudit isiza khona.

Okokufaka okufanayo, kuzokhiqiza lokhu okukhiphayo kulogi:

UCWANINGO: ISISEKELO,33,1,UMSEBENZI,YENZA,,,"YENZA $$
QALA
SENZA 'DALA Ukungenisa kweTHEBULA' || 'ant_table(id int)';
END$$;"
UCWANINGO: ISISEKELO,33,2,DDL,DALA ITHEBULA,ITHEBULA,ithebula lomphakathi.important_table,DALA ITAFULA_ithebula_elibalulekile (ID INT)

Akuwona kuphela i-DO block efakiwe, kodwa nombhalo ogcwele we-CREATE TABLE enohlobo lwesitatimende, uhlobo lwento, negama eligcwele, okwenza ukusesha kube lula.

Lapho ungena ku-KHETHA kanye nezitatimende ze-DML, i-pgAudit ingalungiselelwa ukuthi ifake okufakiwe okuhlukile kobudlelwane ngakunye okubalulwe esitatimendeni.

Akukho ukuhlaziya okudingekayo ukuze uthole zonke izitatimende ezithinta ithebula elithile(*) ».

Lokhu kuzokuthinta kanjani ukusebenza kwe-DBMS?

Ake senze izivivinyo ngokucwaningwa kwamabhuku okugcwele kunikwe amandla futhi sibone ukuthi kwenzekani ekusebenzeni kwe-PostgreSQL. Ake sivumele ukuloga kwesizindalwazi esiphezulu kuwo wonke amapharamitha.

Asishintshi cishe lutho kufayela lokucushwa, into ebaluleke kakhulu ukuvula imodi ye-debug5 ukuze uthole imininingwane ephezulu.

postgresql.conf

log_destination = 'stderr'
logging_collector = on
log_truncate_on_rotation = kuvuliwe
log_rotation_age = 1d
log_rotation_size = 10MB
log_min_messages = debug5
log_min_error_statement = debug5
log_min_duration_statement = 0
debug_print_parse = on
debug_print_rewritten = on
debug_print_plan = on
debug_pretty_print = on
log_checkpoints = on
log_connections = kuvuliwe
log_disconnections = kuvuliwe
log_duration = kuvuliwe
log_hostname = kuvuliwe
log_lock_wait = on
log_replication_commands = on
log_temp_files = 0
log_timezone = 'Europe/Moscow'

Ku-PostgreSQL DBMS enamapharamitha we-1 CPU, 2,8 GHz, 2 GB RAM, 40 GB HDD, senza izivivinyo ezintathu zokulayisha sisebenzisa imiyalo:

$ pgbench -p 3389 -U postgres -i -s 150 benchmark
$ pgbench -p 3389 -U postgres -c 50 -j 2 -P 60 -T 600 benchmark
$ pgbench -p 3389 -U postgres -c 150 -j 2 -P 60 -T 600 benchmark

Imiphumela yokuhlolwa:

Akukho ukugawula
Ngokugawula

Isikhathi esiphelele sokugcwalisa isizindalwazi
I-43,74 sec
I-53,23 sec

I-RAM
24%
40%

CPU
72%
91%

Isivivinyo 1 (50 ukuxhumana)

Inani lemisebenzi emizuzwini eyi-10
74169
32445

Okwenziwe/umzuzwana
123
54

Ukubambezeleka okumaphakathi
I-405 ms
I-925 ms

Isivivinyo 2 (ukuxhumana okungu-150 nokungu-100 okunokwenzeka)

Inani lemisebenzi emizuzwini eyi-10
81727
31429

Okwenziwe/umzuzwana
136
52

Ukubambezeleka okumaphakathi
I-550 ms
I-1432 ms

Mayelana nosayizi

Usayizi we-DB
I-2251 MB
I-2262 MB

Usayizi welogi yesizindalwazi
I-0 MB
I-4587 MB

Okubalulekile: ukuhlolwa okuphelele akukuhle kakhulu. Idatha evela ocwaningweni izoba yinkulu njengedatha ekusizindalwazi uqobo, noma ngisho nangaphezulu. Inani lokugawulwa kwemithi elikhiqizwa lapho usebenza ne-DBMS liyinkinga evamile ekukhiqizeni.

Ake sibheke amanye amapharamitha:

  • Ijubane alishintshi kakhulu: ngaphandle kokugawula - imizuzwana engu-43,74, ngokugawula - imizuzwana engu-53,23.
  • Ukusebenza kwe-RAM ne-CPU kuzophazamiseka, njengoba udinga ukukhiqiza ifayela lokuhlola. Lokhu kuyabonakala nasekukhiqizeni.

Njengoba inani lokuxhuma likhula, ngokwemvelo, ukusebenza kuzowohloka kancane.

Ezinkampanini ezinocwaningo lwamabhuku kunzima nakakhulu:

  • kukhona idatha eningi;
  • ukuhlolwa akudingekile kuphela nge-syslog ku-SIEM, kodwa futhi kumafayela: uma okuthile kwenzeka ku-syslog, kufanele kube nefayela eliseduze nesizindalwazi lapho idatha igcinwa khona;
  • ishalofu elihlukile liyadingeka ukuze kucwaningwe ukuze kungamoshi amadiski e-I/O, njengoba kuthatha indawo enkulu;
  • Kwenzeka ukuthi izisebenzi zokuphepha kolwazi zidinga izindinganiso ze-GOST yonke indawo, zidinga ukuhlonza isimo.

Ikhawulela ukufinyelela kudatha

Ake sibheke ubuchwepheshe obusetshenziselwa ukuvikela idatha nokuyifinyelela kuma-DBMS okuhweba kanye nomthombo ovulekile.

Yini ongayisebenzisa ngokuvamile:

  1. Ukubethela kanye nokufihlwa kwezinqubo nemisebenzi (Ukugoqa) - okungukuthi, amathuluzi ahlukene kanye nezinsiza ezenza ikhodi efundekayo ingafundeki. Yiqiniso, lapho-ke ngeke ishintshwe noma ihlehliswe kabusha. Le ndlela ngezinye izikhathi iyadingeka okungenani ohlangothini lwe-DBMS - ingqondo yemikhawulo yelayisense noma i-logic yokugunyazwa ibethelwa ngokunembile kunqubo kanye nezinga lomsebenzi.
  2. Ukunciphisa ukubonakala kwedatha ngemigqa (i-RLS) yilapho abasebenzisi abahlukene bebona ithebula elilodwa, kodwa ukwakheka okuhlukile kwemigqa kulo, okungukuthi, okuthile akukwazi ukuboniswa othile ezingeni lomugqa.
  3. Ukuhlela idatha ebonisiwe (Masking) yilapho abasebenzisi abakukholomu eyodwa yethebula bebona idatha noma ama-asterisk kuphela, okungukuthi, kwabanye abasebenzisi ulwazi luzovalwa. Ubuchwepheshe bunquma ukuthi yimuphi umsebenzisi oboniswa lokho ngokusekelwe ezingeni lakhe lokufinyelela.
  4. Ukulawulwa kokufinyelela kwe-DBA/Isicelo se-DBA/DBA, kunalokho, kumayelana nokukhawulela ukufinyelela ku-DBMS ngokwayo, okungukuthi, izisebenzi zokuphepha kolwazi zingahlukaniswa kubaphathi besizindalwazi nabaphathi bezinhlelo zokusebenza. Bumbalwa ubuchwepheshe obunjalo emthonjeni ovulekile, kodwa buningi kuma-DBMS okuhweba. Ziyadingeka uma kunabasebenzisi abaningi abanokufinyelela kumaseva ngokwawo.
  5. Ikhawulela ukufinyelela kumafayela ezingeni lesistimu yefayela. Unganikeza amalungelo kanye nezimvume zokufinyelela kuzinkomba ukuze umlawuli ngamunye akwazi ukufinyelela kuphela idatha edingekayo.
  6. Ukufinyelela okuyisibopho nokusula inkumbulo - lobu buchwepheshe abuvami ukusetshenziswa.
  7. Ukubethela ngasemaphethelweni ngqo kusuka ku-DBMS ukubethela kohlangothi lweklayenti okunokhiye wokuphatha ohlangothini lweseva.
  8. Ukubethelwa kwedatha. Isibonelo, ukubethela kwekholomu yilapho usebenzisa indlela ebethela ikholomu eyodwa yesizindalwazi.

Lokhu kukuthinta kanjani ukusebenza kwe-DBMS?

Ake sibheke isibonelo sokubethela kwekholomu ku-PostgreSQL. Kukhona imojula ye-pgcrypto, ikuvumela ukuthi ugcine izinkambu ezikhethiwe ngendlela ebethelwe. Lokhu kuyasiza uma idatha ethile kuphela ibalulekile. Ukuze ufunde izinkambu ezibethelwe, iklayenti lithumela ukhiye wokukhipha ukubethela, iseva isusa ukubethela idatha bese iyibuyisela kuklayenti. Ngaphandle kokhiye, akekho ongenza noma yini ngedatha yakho.

Ake sihlole nge-pgcrypto. Masidale ithebula elinedatha ebethelwe kanye nedatha evamile. Ngezansi kunemiyalo yokwakha amatafula, emgqeni wokuqala kukhona umyalo owusizo - ukudala isandiso ngokwaso ngokubhaliswa kwe-DBMS:

CREATE EXTENSION pgcrypto;
CREATE TABLE t1 (id integer, text1 text, text2 text);
CREATE TABLE t2 (id integer, text1 bytea, text2 bytea);
INSERT INTO t1 (id, text1, text2)
VALUES (generate_series(1,10000000), generate_series(1,10000000)::text, generate_series(1,10000000)::text);
INSERT INTO t2 (id, text1, text2) VALUES (
generate_series(1,10000000),
encrypt(cast(generate_series(1,10000000) AS text)::bytea, 'key'::bytea, 'bf'),
encrypt(cast(generate_series(1,10000000) AS text)::bytea, 'key'::bytea, 'bf'));

Okulandelayo, ake sizame ukwenza isampula yedatha kusuka kuthebula ngalinye futhi sibheke izikhathi zokwenza.

Ukukhetha kuthebula ngaphandle komsebenzi wokubethela:

psql -c "timing" -c "select * from t1 limit 1000;" "host=192.168.220.129 dbname=taskdb
user=postgres sslmode=disable" > 1.txt

Isitophuwashi sivuliwe.

  id | umbhalo1 | umbhalo2
——+———-+——-
1 | 1 | 1
2 | 2 | 2
3 | 3 | 3
...
997 | 997 | 997
998 | 998 | 998
999 | 999 | 999
1000 | 1000 | 1000
(imigqa engu-1000)

Isikhathi: 1,386 ms

Ukukhetha etafuleni elinomsebenzi wokubethela:

psql -c "timing" -c "select id, decrypt(text1, 'key'::bytea, 'bf'),
decrypt(text2, 'key'::bytea, 'bf') from t2 limit 1000;"
"host=192.168.220.129 dbname=taskdb user=postgres sslmode=disable" > 2.txt

Isitophuwashi sivuliwe.

  id | nqamula | susa ukubethela
——+——————+—————
1 | x31 | x31
2 | x32 | x32
3 | x33 | x33
...
999 | x393939 | x393939
1000 | x31303030 | x31303030
(imigqa engu-1000)

Isikhathi: 50,203 ms

Imiphumela yokuhlolwa:

 
Ngaphandle kokubethela
I-Pgcrypto (decrypt)

Isampula yemigqa engu-1000
I-1,386 ms
I-50,203 ms

CPU
15%
35%

I-RAM
 
+ 5%

Ukubethela kunomthelela omkhulu ekusebenzeni. Kungabonakala ukuthi isikhathi sinyukile, njengoba imisebenzi yokususa ukubethela kwedatha ebethelwe (futhi ukukhishwa kwemfihlo kuvame ukugoqwa kumqondo wakho) kudinga izinsiza ezibalulekile. Okusho ukuthi, umqondo wokubethela wonke amakholomu aqukethe idatha ethile ugcwele ukwehla kokusebenza.

Kodwa-ke, ukubethela akuyona inhlamvu yesiliva exazulula zonke izinkinga. Idatha esuswe ukubethela kanye nokhiye wokukhipha ukubethela phakathi nenqubo yokususa ukubethela nokudlulisa idatha kutholakala kuseva. Ngakho-ke, okhiye bangavinjwa umuntu onokufinyelela okugcwele kuseva yedathabhesi, njengomlawuli wesistimu.

Uma kunokhiye owodwa wekholomu yabo bonke abasebenzisi (ngisho noma kungebona bonke, kodwa kumakhasimende esethi elinganiselwe), lokhu akuhlali kukuhle futhi kulungile. Kungakho baqala ukwenza ukubethela kokuphela-kuya-ekupheleni, ku-DBMS baqala ukucabangela izinketho zokubethela idatha kuklayenti kanye nohlangothi lweseva, futhi kwavela lezo zindawo zokugcina izihluthulelo ze-vault - imikhiqizo ehlukene ehlinzeka ngokuphathwa okubalulekile ku-DBMS. ohlangothini.

Ukuphepha kanye ne-DBMS: yini okudingeka uyikhumbule lapho ukhetha amathuluzi okuphepha
Isibonelo sokubethela okunjalo ku-MongoDB

Izici zokuphepha ku-DBMS yokuhweba nomthombo ovulekile

Imisebenzi
Thayipha
Inqubomgomo Yephasiwedi
I-Audit
Ukuvikela ikhodi yomthombo yezinqubo nemisebenzi
I-RLS
Ukubethela

Oracle
ezentengiso
+
+
+
+
+

MsSql
ezentengiso
+
+
+
+
+

Jatoba
ezentengiso
+
+
+
+
izandiso

I-PostgreSQL
Mahhala
izandiso
izandiso
-
+
izandiso

I-MongoDb
Mahhala
-
+
-
-
Itholakala ku-MongoDB Enterprise kuphela

Ithebula likude nokuqedwa, kodwa isimo yilokhu: emikhiqizweni yokuhweba, izinkinga zokuphepha zixazululwe isikhathi eside, emthonjeni ovulekile, njengomthetho, uhlobo oluthile lwezengezo lusetshenziselwa ukuphepha, imisebenzi eminingi ayikho. , ngezinye izikhathi kufanele wengeze okuthile. Isibonelo, izinqubomgomo zephasiwedi - I-PostgreSQL inezandiso eziningi ezahlukene (1, 2, 3, 4, 5), esebenzisa izinqubomgomo zephasiwedi, kodwa, ngokubona kwami, akukho neyodwa yazo ehlanganisa zonke izidingo zengxenye yenkampani yasekhaya.

Okufanele ukwenze uma ungenakho okudingayo noma kuphi? Isibonelo, ufuna ukusebenzisa i-DBMS ethile engenayo imisebenzi edingwa yikhasimende.

Khona-ke ungasebenzisa izixazululo zezinkampani zangaphandle ezisebenza nama-DBMS ahlukene, isibonelo, i-Crypto DB noma i-Garda DB. Uma sikhuluma ngezixazululo ezivela engxenyeni yasekhaya, khona-ke bazi ngama-GOST kangcono kunomthombo ovulekile.

Inketho yesibili ukubhala lokho okudingayo ngokwakho, sebenzisa ukufinyelela kwedatha nokubethela kuhlelo lokusebenza ezingeni lenqubo. Yiqiniso, kuyoba nzima nakakhulu nge-GOST. Kodwa ngokuvamile, ungakwazi ukufihla idatha njengoba kudingeka, uyibeke ku-DBMS, bese uyibuyisela futhi uyisuse njengoba kudingeka, khona kanye ezingeni lesicelo. Ngesikhathi esifanayo, cabanga ngokushesha ukuthi uzowavikela kanjani lawa ma-algorithms kuhlelo lokusebenza. Ngokombono wethu, lokhu kufanele kwenziwe ezingeni le-DBMS, ngoba lizosebenza ngokushesha.

Lo mbiko wethulwe okokuqala ngo @Databases Meetup by Mail.ru Cloud Solutions. Bheka видео eminye imisebenzi futhi ubhalisele izimemezelo zomcimbi kuTelegram Around Kubernetes at Mail.ru Group.

Yini enye ongayifunda esihlokweni:

  1. Ngaphezulu Kwe-Ceph: I-Cloud Block Storage MCS.
  2. Ungayikhetha kanjani isizindalwazi sephrojekthi ukuze ungadingi ukukhetha futhi.

Source: www.habr.com

Engeza amazwana