SQL Server 2016 always encrypted - 在视图中使用始终加密的列进行比较和计算表达式
SQL Server 2016 always encrypted - comparison and calculated expression using always encrypted column in view
我有一个列 "Amount" numeric(18,2),我已使用 SSMS v17 的加密列向导对其进行了加密。列数据现已加密。
但是,我有一个视图使用类似的东西:
create SampleView
as
Select
*, Amount * Rate as TotalAmount
From
SampleTable
Where
Amount > 0
go
列 Rate 的类型为 numeric(18,8)。
我无法创建此视图。它给出了数据类型不兼容的错误,因为一列是加密的,而另一侧是明文。从我尝试过的各种排列来看,我看到带有 > 0 的 Where 子句导致了问题,并且 Select 列表中的 Amount*Rate 也不起作用。
与 Amount*Rate 相关的错误是(我评论了 Where 子句)
Operand type clash: numeric(18,2) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'SampleDB_CEK', column_encryption_key_database_name = 'SampleDB') is incompatible with numeric
与 Where Amount>0 相关的错误是(我在 Select 子句中注释了 Amount*Rate)
The data types numeric(18,2) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'SampleDB_CEK', column_encryption_key_database_name = 'SampleDB') and tinyint are incompatible in the greater than operator.
我试过这些,但效果不佳:
Where Amount > cast(0 as numeric(18,2)
Select Amount * cast(Rate as numeric(18,2)
我们不能在视图中声明变量。这个视图正在许多存储过程中使用。
任何想法表示赞赏。
加密列中不允许进行比较和数学运算。
目前,对加密列唯一可能的操作是相等。 bastos 的回答无效,因为 SQL 服务器没有密钥。
您可能必须在客户端应用程序中实现此逻辑。
来自官方文档
Deterministic encryption always generates the same encrypted value for
any given plain text value. Using deterministic encryption allows
point lookups, equality joins, grouping and indexing on encrypted
columns. However, but may also allow unauthorized users to guess
information about encrypted values by examining patterns in the
encrypted column, especially if there is a small set of possible
encrypted values, such as True/False, or North/South/East/West region.
Deterministic encryption must use a column collation with a binary2
sort order for character columns.
Randomized encryption uses a method
that encrypts data in a less predictable manner. Randomized encryption
is more secure, but prevents searching, grouping, indexing, and
joining on encrypted columns.
我有一个列 "Amount" numeric(18,2),我已使用 SSMS v17 的加密列向导对其进行了加密。列数据现已加密。
但是,我有一个视图使用类似的东西:
create SampleView
as
Select
*, Amount * Rate as TotalAmount
From
SampleTable
Where
Amount > 0
go
列 Rate 的类型为 numeric(18,8)。
我无法创建此视图。它给出了数据类型不兼容的错误,因为一列是加密的,而另一侧是明文。从我尝试过的各种排列来看,我看到带有 > 0 的 Where 子句导致了问题,并且 Select 列表中的 Amount*Rate 也不起作用。
与 Amount*Rate 相关的错误是(我评论了 Where 子句)
Operand type clash: numeric(18,2) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'SampleDB_CEK', column_encryption_key_database_name = 'SampleDB') is incompatible with numeric
与 Where Amount>0 相关的错误是(我在 Select 子句中注释了 Amount*Rate)
The data types numeric(18,2) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'SampleDB_CEK', column_encryption_key_database_name = 'SampleDB') and tinyint are incompatible in the greater than operator.
我试过这些,但效果不佳:
Where Amount > cast(0 as numeric(18,2)
Select Amount * cast(Rate as numeric(18,2)
我们不能在视图中声明变量。这个视图正在许多存储过程中使用。
任何想法表示赞赏。
加密列中不允许进行比较和数学运算。 目前,对加密列唯一可能的操作是相等。 bastos 的回答无效,因为 SQL 服务器没有密钥。
您可能必须在客户端应用程序中实现此逻辑。
来自官方文档
Deterministic encryption always generates the same encrypted value for any given plain text value. Using deterministic encryption allows point lookups, equality joins, grouping and indexing on encrypted columns. However, but may also allow unauthorized users to guess information about encrypted values by examining patterns in the encrypted column, especially if there is a small set of possible encrypted values, such as True/False, or North/South/East/West region. Deterministic encryption must use a column collation with a binary2 sort order for character columns.
Randomized encryption uses a method that encrypts data in a less predictable manner. Randomized encryption is more secure, but prevents searching, grouping, indexing, and joining on encrypted columns.