MySQL 默认情况下是否对静态数据应用加密?
Does MySQL apply Encryption for Data at Rest by default?
我经历了 this page of MySQL Doc。对于 MySQL v8.0.x,文件系统中存储的数据(主要是 .ibd 文件)是否默认加密,我仍然不清楚?我在表空间上看到一堆信息:
The mysql system tablespace contains the mysql system database and MySQL data dictionary tables. It is unencrypted by default.
是否也意味着存储的数据默认没有加密?谁能帮我指出官方文档是怎么说的?
是的,默认情况下数据未加密。
在 MySQL 8.0.16 之前,您必须明确设置加密才能启用它,例如参见对于 File-Per-Table Tablespace Encryption:
Prior to MySQL 8.0.16, the ENCRYPTION clause must be specified to enable encryption.
这当然意味着如果你不指定它,它默认是禁用的。
自 MySQL 8.0.16 起,行为 is inherited:
As of MySQL 8.0.16, the default_table_encryption system variable defines the default encryption setting for schemas and general tablespaces. CREATE TABLESPACE and CREATE SCHEMA operations apply the default_table_encryption setting when an ENCRYPTION clause is not specified explicitly.
By default, a table inherits the encryption setting of the schema or general tablespace it is created in. For example, a table created in an encryption-enabled schema is encrypted by default. This behavior enables a DBA to control table encryption usage by defining and enforcing schema and general tablespace encryption defaults.
但是 default_table_encryption 的默认值是 off:
Default Value OFF
Defines the default encryption setting applied to schemas and general tablespaces when they are created without specifying an ENCRYPTION clause.
The default_table_encryption variable is only applicable to user-created schemas and general tablespaces. It does not govern encryption of the mysql system tablespace.
请注意,如果您更改默认值,现有对象将不会自动加密,您必须明确更改它们。
我经历了 this page of MySQL Doc。对于 MySQL v8.0.x,文件系统中存储的数据(主要是 .ibd 文件)是否默认加密,我仍然不清楚?我在表空间上看到一堆信息:
The mysql system tablespace contains the mysql system database and MySQL data dictionary tables. It is unencrypted by default.
是否也意味着存储的数据默认没有加密?谁能帮我指出官方文档是怎么说的?
是的,默认情况下数据未加密。
在 MySQL 8.0.16 之前,您必须明确设置加密才能启用它,例如参见对于 File-Per-Table Tablespace Encryption:
Prior to MySQL 8.0.16, the ENCRYPTION clause must be specified to enable encryption.
这当然意味着如果你不指定它,它默认是禁用的。
自 MySQL 8.0.16 起,行为 is inherited:
As of MySQL 8.0.16, the default_table_encryption system variable defines the default encryption setting for schemas and general tablespaces. CREATE TABLESPACE and CREATE SCHEMA operations apply the default_table_encryption setting when an ENCRYPTION clause is not specified explicitly.
By default, a table inherits the encryption setting of the schema or general tablespace it is created in. For example, a table created in an encryption-enabled schema is encrypted by default. This behavior enables a DBA to control table encryption usage by defining and enforcing schema and general tablespace encryption defaults.
但是 default_table_encryption 的默认值是 off:
Default Value OFF
Defines the default encryption setting applied to schemas and general tablespaces when they are created without specifying an ENCRYPTION clause.
The default_table_encryption variable is only applicable to user-created schemas and general tablespaces. It does not govern encryption of the mysql system tablespace.
请注意,如果您更改默认值,现有对象将不会自动加密,您必须明确更改它们。