mongodb数据库加密_数据库安全性如何使用加密保护mongodb数据

mongodb数据库加密

Database security is a key factor for any application that includes very sensitive data, such as financial and health reports.

对于任何包含非常敏感的数据(例如财务和运行状况报告)的应用程序，数据库安全性都是关键因素。

Data protection can be achieved through encryption at various levels, from the application itself to the files containing the data.

从应用程序本身到包含数据的文件，可以通过不同级别的加密来实现数据保护。

Since MongoDB is a non-relational database, there is no need to define columns before inserting data; and therefore documents in the same collection may have different fields from one another.

由于MongoDB是非关系数据库，因此无需在插入数据之前定义列。 因此，同一集合中的文档可能具有彼此不同的字段。

On the other hand, for SQL DBMS, it is necessary to define columns for data, so all rows have the same columns. You can decide to encrypt individual columns, the entire database file, or application data before participating in the database process.

另一方面，对于SQL DBMS ，有必要为数据定义列，因此所有行都具有相同的列。 您可以决定在参与数据库过程之前对单个列，整个数据库文件或应用程序数据进行加密。

Encryption of individual columns is preferable because it is cheaper and less data is encrypted, which increases the latency. In general, the overall performance affects the encryption result.

最好对各个列进行加密，因为它更便宜并且加密的数据更少，这会增加延迟。 通常，整体性能会影响加密结果。

However, for DBMS NoSQL this approach will not be the best option. Considering that not all documents can have all fields that you want to use in your encryption, column-level encryption cannot be done.

但是，对于DBMS NoSQL，此方法将不是最佳选择。 考虑到并非所有文档都可以具有要在加密中使用的所有字段，因此无法进行列级加密。

Application-level data encryption is quite expensive and difficult to implement. That is why we are left with the option to encrypt data at the database level.

应用程序级数据加密非常昂贵且难以实现。 这就是为什么我们可以选择在数据库级别加密数据的原因。

MongoDB provides built-in encryption, which requires no extra cost to protect your confidential data.

MongoDB提供内置的加密功能，无需额外费用即可保护您的机密数据。

MONGODB中的数据加密 (DATA ENCRYPTION IN MONGODB)

Any operation with a database includes either of these two forms of data: data at rest or data on the move.

对数据库的任何操作都包括以下两种数据形式之一：静态数据或移动数据。

Data on the move is the flow of data passing through any network, while data at rest is static, so it does not move anywhere.

移动中的数据是通过任何网络传递的数据流，而静态数据是静态的，因此它不会在任何地方移动。

Both of these two types of data are subject to external intervention by anonymous users unless encryption is used. The encryption process involves:

除非使用加密，否则这两种类型的数据都将受到匿名用户的外部干预。 加密过程涉及：

• Generation of the master key for the entire database
  生成整个数据库的主密钥
• Generation of unique keys for each database
  为每个数据库生成唯一密钥
• Encrypt your data with the database keys that you generated
  使用生成的数据库密钥加密数据
• Encrypt the entire database with the master key
  用主密钥加密整个数据库

传输过程中的数据加密(DATA ENCRYPTION DURING TRANSMISSION)

There are two ways to transfer data between MongoDB and the server application: via Transport Layer Security (TLS) and Secure Socket Layer Protocol (SSL).

在MongoDB和服务器应用程序之间传输数据的方式有两种：通过传输层安全性(TLS)和安全套接字层协议(SSL)。

These two encryption protocols are most often used to protect sent and received data between the two systems. Essentially, the concept is to encrypt connections to mongod and mongos instances so that network traffic is read-only by the intended client.