
Oracle 10g Datamasking

I have an Oracle 10g database. I want to mask the records of my tables. It doesn't really need to make sense, it doesn't need to be readable. Just needs to be masked. For example:

select *
from customer;

LAST_NAME      FIRST_NAME     ADDRESS
-------------- -------------- --------------------
Doe            John           10 someroad st

I convert to this:

LAST_NAME      FIRST_NAME     ADDRESS
-------------- -------------- --------------------
Ahd            Uiea           55 xxxx ue

I need open source software that can do this work. What should I use?

You can use the ORA_HASH or DBMS_CRYPTO package to fulfill your requirements. Giving a solution using DBMS_CRYPTO:

--Source data:

create table customer(last_name varchar2(50),first_name varchar2(50), address varchar2(200));

--Encrypt Function (Script Source):

CREATE OR REPLACE FUNCTION encrypt_value (p_in IN varchar2, p_key IN raw) RETURN raw IS
  l_enc_val raw (2000);
  -- AES-128 in CBC mode with PKCS#5 padding
  l_mod number := dbms_crypto.ENCRYPT_AES128 + dbms_crypto.CHAIN_CBC + dbms_crypto.PAD_PKCS5;
BEGIN
  -- Convert the input to RAW (UTF-8) and encrypt it with the supplied key
  l_enc_val := dbms_crypto.encrypt ( UTL_I18N.STRING_TO_RAW (p_in, 'AL32UTF8'), l_mod, p_key );
  RETURN l_enc_val;
END;

--Function Implementation:

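-- AES-128 requires a 16-byte key (32 hex digits); the key below is a constructed placeholder
select encrypt_value(last_name,'00112233445566778899AABBCCDDEEFF'),encrypt_value(first_name,'00112233445566778899AABBCCDDEEFF'), encrypt_value(address,'00112233445566778899AABBCCDDEEFF') from customer;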
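The DBMS_CRYPTO answer above returns reversible RAW ciphertext; for output shaped like the question's sample, the following added example (not part of the original answers) derives a one-way mask from a keyed HMAC that keeps each character's class. The function name mask_value and the key value are assumptions made for illustration.

```sql
-- Added example: mask_value and the key below are hypothetical.
-- The function owner needs EXECUTE on DBMS_CRYPTO.
CREATE OR REPLACE FUNCTION mask_value (p_in IN VARCHAR2, p_key IN RAW)
  RETURN VARCHAR2 DETERMINISTIC
IS
  l_mac  RAW(20);            -- HMAC-SHA1 output is 20 bytes
  l_out  VARCHAR2(4000);
  l_code PLS_INTEGER;        -- character code of the current input character
  l_byte PLS_INTEGER;        -- MAC byte (0..255) that selects the replacement
BEGIN
  IF p_in IS NULL THEN
    RETURN NULL;
  END IF;
  -- Keyed one-way digest of the whole value (unlike ENCRYPT, it cannot be decrypted)
  l_mac := DBMS_CRYPTO.MAC(UTL_I18N.STRING_TO_RAW(p_in, 'AL32UTF8'),
                           DBMS_CRYPTO.HMAC_SH1, p_key);
  FOR i IN 1 .. LENGTH(p_in) LOOP
    l_code := ASCII(SUBSTR(p_in, i, 1));
    -- Take MAC byte i, wrapping around after 20 bytes
    l_byte := TO_NUMBER(RAWTOHEX(UTL_RAW.SUBSTR(l_mac, MOD(i - 1, 20) + 1, 1)), 'XX');
    IF l_code BETWEEN 97 AND 122 THEN        -- a-z stays lower case
      l_out := l_out || CHR(97 + MOD(l_byte, 26));
    ELSIF l_code BETWEEN 65 AND 90 THEN      -- A-Z stays upper case
      l_out := l_out || CHR(65 + MOD(l_byte, 26));
    ELSIF l_code BETWEEN 48 AND 57 THEN      -- 0-9 stays a digit
      l_out := l_out || CHR(48 + MOD(l_byte, 10));
    ELSE                                     -- spaces, punctuation and non-ASCII
      l_out := l_out || SUBSTR(p_in, i, 1);  -- characters are copied unchanged
    END IF;
  END LOOP;
  RETURN l_out;
END mask_value;
/

-- Usage against the question's table; the key is a constructed placeholder
SELECT mask_value(last_name,  HEXTORAW('00112233445566778899AABBCCDDEEFF')) AS last_name,
       mask_value(first_name, HEXTORAW('00112233445566778899AABBCCDDEEFF')) AS first_name,
       mask_value(address,    HEXTORAW('00112233445566778899AABBCCDDEEFF')) AS address
FROM customer;
```

Equal inputs mask to equal outputs under the same key, so masked columns can still be joined or grouped; keep the key out of the environment that receives the masked data.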

If you're using the Enterprise version of Oracle, you can use a Virtual Private Database (VPD) for this.

A VPD allows fine-grained access control (based on the account used to connect to the database). It can:

  • return only a subset of rows
  • use column masking to display sensitive columns as NULL values

It achieves this by appending a custom WHERE clause to every query run against the table. There's no way to circumvent it, and no need to adapt existing applications (for using a custom-built view etc.)

To create a VPD for your customer table, you need to:

  • create a function for generating the WHERE clause
  • create a policy for your database table
  • enable the policy

Function

CREATE OR REPLACE FUNCTION hide_address (
 v_schema IN VARCHAR2, 
 v_objname IN VARCHAR2)

RETURN VARCHAR2 AS
 result VARCHAR2 (200);

BEGIN
 result := '1=0'; -- evaluates to FALSE for every account
 RETURN (result);
END hide_address;

Creating a policy

BEGIN
 DBMS_RLS.ADD_POLICY(
   object_schema         => 'scott', 
   object_name           => 'customer',
   policy_name           => 'hide_address_policy', 
   policy_function       => 'hide_address',
   sec_relevant_cols     => 'address',
   sec_relevant_cols_opt => dbms_rls.ALL_ROWS);
END;

After enabling the policy, every query trying to access CUSTOMER.ADDRESS will return NULL. Depending on your requirements, you might want to add a view to access the table that returns a random address instead of NULL:

select last_name, first_name,
  (case when address is NULL 
   then dbms_random.string('', 15) 
   else address end) as address
from 
  customer
