hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update masking documentation

Browse Source
This commit is contained in:
Johan Wikman
2017-05-02 13:29:58 +03:00
parent fc855bac9a
commit b971ad2cf5
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
Documentation/Filters/Masking.md
View File

@ -35,6 +35,8 @@ the _ssn_ would be masked, as in
... ...
``` ```
## Security
Note that he masking filter alone is *not* sufficient for preventing Note that he masking filter alone is *not* sufficient for preventing
access to a particular column. As the masking filter works on the column access to a particular column. As the masking filter works on the column
name alone a query like name alone a query like
@ -49,8 +51,11 @@ a sufficient number of times with different _ssn_ values, will, eventually,
reveal the social security number of all persons in the database. reveal the social security number of all persons in the database.
For a secure solution, the masking filter *must* be combined with the For a secure solution, the masking filter *must* be combined with the
firewall filter to prevent the use of functions and the use of particular firewall filter to prevent the use of functions using which the masking
columns in where-clauses. can be bypassed.
In a future release, the combined use of the masking filter and the
database firewall filter will be simplified.
## Limitations ## Limitations