CN-117033445-B - Full-secret database cost transfer method, device, equipment and storage medium
Abstract
The invention discloses a full-secret database cost transfer method, device, equipment and storage medium. The method comprises: obtaining an initial Structured Query Language (SQL) statement; replacing constant data in the initial SQL statement with constant marks to obtain an SQL statement to be executed; sending the SQL statement to be executed to a server and receiving statement analysis information returned by the server; and, according to the statement analysis information, sending to the server response information comprising the real data or encrypted data corresponding to the constant marks, so that the server executes the SQL statement to be executed. Because the constant data in the initial SQL statement is replaced by constant marks and the replaced SQL statement is sent to the server for analysis, the work of determining whether the constant data needs to be encrypted is transferred to the server, and the overall performance of the full-secret database can be improved by utilizing the higher hardware performance of the server.
Inventors
- GUO YAN
- FENG YUESONG
- HAN ZHUZHONG
Assignees
- 上海达梦数据库有限公司
Dates
- Publication Date: 20260505
- Application Date: 20230817
Claims (13)
- 1. A full-secret database cost transfer method, characterized in that it is applied to a database front end and comprises the following steps: acquiring an initial Structured Query Language (SQL) statement; replacing constant data in the initial SQL statement with a constant mark to obtain an SQL statement to be executed, wherein the constant data is a quantity in the initial SQL statement that is given a certain meaning and cannot be changed, and the constant mark is a mark for the constant data; sending the SQL statement to be executed to a server, and receiving statement analysis information returned by the server; and sending response information comprising real data or encrypted data corresponding to the constant marks to the server according to the statement analysis information, so that the server executes the SQL statement to be executed, wherein the real data is constant data which is not encrypted.
- 2. The method according to claim 1, wherein the sending response information comprising real data or encrypted data corresponding to the constant marks to the server according to the statement analysis information comprises: for each constant mark in the statement analysis information, judging whether the constant mark has corresponding full-secret encryption information; if yes, encrypting the real data corresponding to the constant mark according to the full-secret encryption information to obtain encrypted data, and adding the encrypted data corresponding to the constant mark and the mark number to the response information; if not, adding the real data corresponding to the constant mark and the mark number to the response information; and sending the response information to the server.
- 3. The method according to claim 1, wherein the method further comprises: receiving statement execution information returned by the server; judging whether a target column in the statement execution information comprises full-secret encryption information; and if yes, decrypting column data corresponding to the target column according to the full-secret encryption information in the statement execution information to obtain a plaintext result set.
- 4. The method according to claim 1, wherein the method further comprises: and if the created data table comprises a full-secret encryption column, sending the full-secret encryption information of the full-secret encryption column to the server.
- 5. A full-secret database cost transfer method, characterized in that it is applied to a server, the method comprising: receiving an SQL statement to be executed sent by a database front end, wherein constant data in the SQL statement to be executed is replaced by a constant mark, the constant data is a quantity in an initial SQL statement that is given a certain meaning and cannot be changed, and the constant mark is a mark for the constant data; analyzing the SQL statement to be executed according to a full-secret metadata table to obtain statement analysis information, and sending the statement analysis information to the database front end; and receiving response information which is returned by the database front end and comprises real data or encrypted data corresponding to the constant marks, so as to execute the SQL statement to be executed, wherein the real data is unencrypted constant data.
- 6. The method according to claim 5, wherein the analyzing the SQL statement to be executed according to the full-secret metadata table to obtain statement analysis information comprises: for each table column corresponding to a constant mark, querying the full-secret metadata table to determine whether the table column is a full-secret encryption column; if yes, acquiring the full-secret encryption information corresponding to the table column, and adding the mark number corresponding to the constant mark and the full-secret encryption information to the statement analysis information; if not, adding the mark number corresponding to the constant mark to the statement analysis information.
- 7. The method of claim 6, wherein the receiving response information which is returned by the database front end and comprises real data or encrypted data corresponding to the constant marks, so as to execute the SQL statement to be executed, comprises: for each constant mark in the response information, querying, according to the mark number, the position corresponding to the constant mark in an execution plan corresponding to the SQL statement to be executed; replacing the constant mark at that position with the real data or encrypted data of the constant mark; and after each constant mark in the response information has been processed, executing the SQL statement to be executed according to the execution plan.
- 8. The method of claim 5, further comprising, after executing the SQL statement to be executed: obtaining an execution result set of the SQL statement to be executed, wherein the execution result set comprises a target column identifier corresponding to a target column and column data; for each target column in the execution result set, determining whether the target column is a full-secret encryption column according to the full-secret metadata table; if yes, adding the target column identifier, the column data and the full-secret encryption information corresponding to the target column to statement execution information; if not, adding the target column identifier and the column data to the statement execution information; and sending the statement execution information to the database front end.
- 9. The method of claim 5, wherein the method further comprises: receiving full-secret encryption information of a full-secret encryption column sent by the database front end; and storing the full-secret encryption information in the full-secret metadata table.
- 10. A full-secret database cost transfer device, applied to a database front end, the device comprising: an acquisition module, used for acquiring an initial Structured Query Language (SQL) statement; a replacing module, used for replacing constant data in the initial SQL statement with constant marks to obtain an SQL statement to be executed, wherein the constant data is a quantity in the initial SQL statement that is given a certain meaning and cannot be changed, and the constant marks are marks for the constant data; a first receiving module, used for sending the SQL statement to be executed to a server and receiving statement analysis information returned by the server; and a first sending module, used for sending response information comprising real data or encrypted data corresponding to the constant marks to the server according to the statement analysis information, so that the server executes the SQL statement to be executed, wherein the real data is constant data which is not encrypted.
- 11. A full-secret database cost transfer device, applied to a server, the device comprising: a second receiving module, used for receiving an SQL statement to be executed sent by a database front end, wherein constant data in the SQL statement to be executed is replaced by a constant mark, the constant data is a quantity in an initial SQL statement that is given a certain meaning and cannot be changed, and the constant mark is a mark for the constant data; a second sending module, used for analyzing the SQL statement to be executed according to a full-secret metadata table to obtain statement analysis information, and sending the statement analysis information to the database front end; and an execution module, used for receiving response information which is returned by the database front end and comprises real data or encrypted data corresponding to the constant marks, so as to execute the SQL statement to be executed, wherein the real data is unencrypted constant data.
- 12. An electronic device, the electronic device comprising: at least one processor; and a memory communicatively coupled to the at least one processor, wherein the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the full-secret database cost transfer method of any one of claims 1-4 or 5-9.
- 13. A computer readable storage medium storing computer instructions for causing a processor to implement the full-secret database cost transfer method of any of claims 1-4 or 5-9 when executed.
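The exchange in claims 1, 2 and 5 to 7, sketched in Python as an added example (not code from the patent or from the assignee's product). The `:n` mark syntax, the sample table and statement, the regex-based column lookup and the HMAC token standing in for the unnamed full-secret cipher are all assumptions, and `bind` substitutes into the statement text where the claims describe positions in the execution plan.

```python
import hashlib, hmac, re

# Constructed sample data (assumptions, not from the patent).
METADATA = {("patients", "ssn"): {"key_id": "k1"}}   # server: full-secret metadata table
FRONTEND_KEYS = {"k1": b"constructed-demo-key"}      # front end only (trusted domain)
SAMPLE_SQL = "SELECT name FROM patients WHERE ssn = '123-45-6789' AND ward = 7"
LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")

def mark_constants(sql):
    """Front end: replace each literal with a numbered constant mark (:1, :2, ...)."""
    constants = []
    def repl(match):
        constants.append(match.group(0))
        return f":{len(constants)}"
    return LITERAL.sub(repl, sql), constants

def analyze(marked_sql):
    """Server: per mark, attach encryption info if its column is a full-secret column."""
    table = re.search(r"\bFROM\s+(\w+)", marked_sql, re.I).group(1).lower()
    return [{"mark": int(num), "enc": METADATA.get((table, col.lower()))}
            for col, num in re.findall(r"(\w+)\s*=\s*:(\d+)", marked_sql)]

def protect(literal, enc):
    """Placeholder cipher: deterministic HMAC-SHA256 token, not the patent's scheme."""
    return hmac.new(FRONTEND_KEYS[enc["key_id"]], literal.strip("'").encode(),
                    hashlib.sha256).hexdigest()

def build_response(analysis, constants):
    """Front end: ciphertext for marks carrying encryption info, real data otherwise."""
    response = []
    for item in analysis:
        literal = constants[item["mark"] - 1]
        encrypted = item["enc"] is not None
        data = f"'{protect(literal, item['enc'])}'" if encrypted else literal
        response.append({"mark": item["mark"], "data": data, "encrypted": encrypted})
    return response

def bind(marked_sql, response):
    """Server: place each returned value at the position of its mark number."""
    by_mark = {r["mark"]: r["data"] for r in response}
    return re.sub(r":(\d+)", lambda m: by_mark[int(m.group(1))], marked_sql)

def run_exchange(sql):
    """Return everything the server sees: marked SQL, response, bound statement."""
    marked, constants = mark_constants(sql)
    response = build_response(analyze(marked), constants)
    return marked, response, bind(marked, response)

if __name__ == "__main__":
    print(*run_exchange(SAMPLE_SQL), sep="\n")
```

On `SAMPLE_SQL` the server receives the literal `7` for the unencrypted `ward` column as real data but only a token for `ssn`. Because the placeholder token is deterministic, equal plaintexts produce equal tokens.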
Description
Full-secret database cost transfer method, device, equipment and storage medium
Technical Field
The embodiments of the invention relate to the technical field of information security, and in particular to a full-secret database cost transfer method, device, equipment and storage medium.
Background
In a full-secret database, a user can specify that columns of a table are full-secret encryption columns. The column data then always exists in the form of ciphertext throughout transmission, computation, storage and other stages, which can greatly improve the security of the data. The full-secret database divides the data lifecycle into a trusted domain and an untrusted domain. The trusted domain is typically a database client, an upper-layer user program and the like, where data is considered secure and can be decrypted to expose the plaintext. The untrusted domain is usually the network transmission environment and the database server, including the server's memory and hard disk; data must exist as ciphertext throughout the untrusted domain, otherwise private data is considered to have leaked. In most database application scenarios, the database front end in the trusted domain, such as a web service that only provides data display functions or middleware that calls a database interface, generally lacks good hardware configuration in terms of computing power, memory capacity and the like, whereas database servers in the untrusted domain have strong hardware performance.
However, a large amount of the work in a full-secret database is completed at the database front end. Parsing SQL statements at the database front end causes the front-end program to occupy a large amount of memory and consume a large amount of time, and the poor computing power of the database front end also results in poor overall performance of the full-secret database.
Disclosure of Invention
The invention provides a full-secret database cost transfer method, device, equipment and storage medium, which are used for solving the problem of poor overall performance of the full-secret database in the prior art.
According to an aspect of the present invention, there is provided a full-secret database cost transfer method applied to a database front end, the method comprising: acquiring an initial Structured Query Language (SQL) statement; replacing constant data in the initial SQL statement with constant marks to obtain an SQL statement to be executed; sending the SQL statement to be executed to a server, and receiving statement analysis information returned by the server; and sending response information comprising real data or encrypted data corresponding to the constant marks to the server according to the statement analysis information, so that the server executes the SQL statement to be executed.
According to another aspect of the present invention, there is provided a full-secret database cost transfer method applied to a server, the method comprising: receiving an SQL statement to be executed sent by a database front end, wherein constant data in the SQL statement to be executed is replaced by a constant mark; analyzing the SQL statement to be executed according to a full-secret metadata table to obtain statement analysis information, and sending the statement analysis information to the database front end; and receiving response information which is returned by the database front end and comprises real data or encrypted data corresponding to the constant marks, so as to execute the SQL statement to be executed.
According to another aspect of the present invention, there is provided a full-secret database cost transfer apparatus applied to a database front end, the apparatus comprising: an acquisition module, used for acquiring an initial Structured Query Language (SQL) statement; a replacing module, used for replacing constant data in the initial SQL statement with constant marks to obtain an SQL statement to be executed; a first receiving module, used for sending the SQL statement to be executed to a server and receiving statement analysis information returned by the server; and a first sending module, used for sending response information comprising real data or encrypted data corresponding to the constant marks to the server according to the statement analysis information, so that the server executes the SQL statement to be executed.
According to another aspect of the present invention, there is provided a full-secret database cost transfer apparatus applied to a server, the apparatus comprising: a second receiving module, used for receiving the SQL statement to be executed sent by the database front end, wherein the constant data in the SQL statement to be executed is replaced by a constant mark; The second sending module is