MySQL企业版里面的数据屏蔽的功能,在Percona 8.0.17里面被开源实现了。
我们这里演示方便起见,用dbdeployer来部署:
dbdeployer unpack --prefix=ps Percona-Server-8.0.18-9-Linux.x86_64.ssl101.tar.gz dbdeployer deploy single ps8.0.18 --bind-address='0.0.0.0' --gtid --init-general-log --enable-genera-log --disable-mysqlx --force
cd /sandboxes/msb_ps8_0_18/
cat my.sandbox.cnf 修改下 client段的user为root(默认dbdeployer部署的是低权限账号)
[client] user = root
# 安装data_masking 插件
./use 登录进mysql控制台 mysql [localhost:8018] {root} (test) > INSTALL PLUGIN data_masking SONAME 'data_masking.so'; Query OK, 0 rows affected (0.02 sec)
# 演示数据屏障功能
mysql [localhost:8018] {root} (test) > SELECT mask_outer('This is a string', 5, 1); # 前5个和最后1个字符,用掩码替代 +--------------------------------------+ | mask_outer('This is a string', 5, 1) | +--------------------------------------+ | XXXXXis a strinX | +--------------------------------------+ 1 row in set (0.00 sec) mysql [localhost:8018] {root} (test) > SELECT mask_pan_relaxed(gen_rnd_pan()); +---------------------------------+ | mask_pan_relaxed(gen_rnd_pan()) | +---------------------------------+ | 545151XXXXXX1753 | +---------------------------------+ 1 row in set (0.00 sec)