DATA MASKING ALGORITHM #
Data masking algorithms are by the mask features of DBPlusEngine. A variety of algorithms are built-in to make it easy for users to fully leverage the feature.
Parameters Explanation #
Hash Data Masking Algorithm #
MD5 Data Masking Algorithm #
Type: MD5
Configurable Properties:
| Name | Data type | Description |
|---|---|---|
| salt | String | Salt value (optional) |
Mask Data Masking Algorithm #
Keep First N Last M Data Masking Algorithm #
Type: KEEP_FIRST_N_LAST_M
Configurable Properties:
| Name | Data type | Description |
|---|---|---|
| first-n | int | first n substring |
| last-m | int | last m substring |
| replace-char | String | replace char |
Keep From X To Y Data Masking Algorithm #
Type: KEEP_FROM_X_TO_Y
Configurable Properties:
| Name | Data type | Description |
|---|---|---|
| from-x | int | start position (from 0) |
| to-y | int | end position (from 0) |
| replace-char | String | replace char |
Mask First N Last M Data Masking Algorithm #
Type: MASK_FIRST_N_LAST_M
Configurable Properties:
| Name | Data type | Description |
|---|---|---|
| first-n | int | first n substring |
| last-m | int | last m substring |
| replace-char | String | replace char |
Mask From X To Y Data Masking Algorithm #
Type: MASK_FROM_X_TO_Y
Configurable Properties:
| Name | Data type | Description |
|---|---|---|
| from-x | int | start position (from 0) |
| to-y | int | end position (from 0) |
| replace-char | String | replace char |
Mask Before Special Chars Data Masking Algorithm #
Type: MASK_BEFORE_SPECIAL_CHARS
Configurable Properties:
| Name | Data type | Description |
|---|---|---|
| special-chars | String | Special chars (first appearance) |
| replace-char | String | replace char |
Mask After Special Chars Data Masking Algorithm #
Type: MASK_AFTER_SPECIAL_CHARS
Configurable Properties:
| Name | Data type | Description |
|---|---|---|
| special-chars | String | Special chars (first appearance) |
| replace-char | String | replace char |
Replace Data Masking Algorithm #
Personal Identity Number Random Replace Data Masking Algorithm #
Type: SphereEx:PERSONAL_IDENTITY_NUMBER_RANDOM_REPLACE
Configurable Properties:
| Name | Data type | Description |
|---|---|---|
| alpha-two-country-area-code | String | alpha two country area code (Optional, default value: CN) |
Military Identity Number Random Replace Data Masking Algorithm #
Type: SphereEx:MILITARY_IDENTITY_NUMBER_RANDOM_REPLACE
Configurable Properties:
| Name | Data type | Description |
|---|---|---|
| type-codes | String | military identity number type codes (separate with comma) |
Telephone Random Replace Data Masking Algorithm #
Type: SphereEx:TELEPHONE_RANDOM_REPLACE
Configurable Properties:
| Name | Data type | Description |
|---|---|---|
| network-numbers | String | Network numbers (separate with comma, Default value: 130,131,132,133,134,135,136,137,138,139,150,151,152,153,155,156,157,158,159,166,170,176,177,178,180,181,182,183,184,185,186,187,188,189,191,198,199) |
Landline Number Random Replace Data Masking Algorithm #
Type: LANDLINE_NUMBER_RANDOM_REPLACE
Configurable Properties:
| Name | Data type | Description |
|---|---|---|
| landline-numbers | String | Landline numbers (separate with comma) |
Unified credit code random replacement #
Type: SphereEx:UNIFIED_CREDIT_CODE_RANDOM_REPLACE
Configurable Properties:
| Name | Data type | Description |
|---|---|---|
| registration-department-codes | String | 登记管理部门代码(以英文逗号分隔) |
| category-codes | String | 机构类别代码(以英文逗号分隔) |
| administrative-division-codes | String | 行政区划随机码表(以英文逗号分隔) |
General table random replace #
Type: GENERIC_TABLE_RANDOM_REPLACE
Configurable Properties:
| Name | Data type | Description |
|---|---|---|
| uppercase-letter-codes | String | Uppercase letter code table (separated by commas, default value: A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S ,T,U,V,W,X,Y,Z) |
| lowercase-letter-codes | String | lowercase letter code table(separated by commas, default value: a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) |
| digital-codes | String | Digital code table(separated by commas, default value:0,1,2,3,4,5,6,7,8,9) |
| special-codes | String | Special character code table(separated by commas, default value:~,!,@,#,$,%,^,&,*,:,<,>,¦) |
Data masking binding user algorithm #
Type: SphereEx:MASK_USERNAME
Configurable Properties:
| Name | Data type | Description | Default value |
|---|---|---|---|
| user-lists | String | user-list | None |
Note: When deleting the bound user, the data masking rules need to be modified at the same time.
Data masking binding host name algorithm #
Type: SphereEx:MASK_HOSTNAME
Configurable Properties:
| Name | Data type | Description | Default value |
|---|---|---|---|
| hostname-lists | String | host-list | None |
Data masking binding role algorithm #
Type: SphereEx:MASK_ROLE
Configurable Properties:
| Name | Data type | Description | Default value |
|---|---|---|---|
| role-lists | String | role-list | None |
Note: When deleting the bound role, you need to modify the data masking rules at the same time.
Operation Steps #
- Configure the masking algorithm in the masking rule;
- Specify the masking algorithm type for the masking algorithm。
Configuration Example #
rules:
- !MASK
tables:
t_user:
columns:
password:
maskAlgorithm: md5_mask
email:
maskAlgorithm: mask_before_special_chars_mask
telephone:
maskAlgorithm: keep_first_n_last_m_mask
maskAlgorithms:
md5_mask:
type: MD5
mask_before_special_chars_mask:
type: MASK_BEFORE_SPECIAL_CHARS
props:
special-chars: '@'
replace-char: '*'
keep_first_n_last_m_mask:
type: KEEP_FIRST_N_LAST_M
props:
first-n: 3
last-m: 4
replace-char: '*'