mongodb MongoDB数据库加密
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8803332/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
MongoDB database encryption
提问by devnill
I'm looking to design a webapp which stores private information securely using MongoDB. I would like to encrypt the entire database but it looks like it's not supported. What routes can I take to encrypt my database?
我希望设计一个使用 MongoDB 安全存储私人信息的 web 应用程序。我想加密整个数据库,但它看起来不受支持。我可以采取哪些途径来加密我的数据库?
采纳答案by GammaOmega
MongoDB 3.2(Released in November 2015) offers an encrypted storage engine. No need to use third party APIs to encrypt your data before insertion or encrypt the whole drive. You can find more details here. However, note that it is only offered for the Enterprise edition only.
MongoDB 3.2(2015年11 月发布)提供了一个加密存储引擎。在插入或加密整个驱动器之前,无需使用第三方 API 来加密您的数据。您可以在此处找到更多详细信息。但是,请注意,它仅适用于企业版。
It works with the WiredTiger storage engine, which has been the included as an alternative to the default MMAPv1 storage engine since 3.0. If your database is still using MMAPv1, read this guidefor the steps to convert a database from MMAPv1 to WiredTiger.
它与 WiredTiger 存储引擎一起使用,自 3.0 以来,该引擎已作为默认 MMAPv1 存储引擎的替代方案包含在内。如果您的数据库仍在使用 MMAPv1,请阅读本指南以了解将数据库从 MMAPv1 转换为 WiredTiger 的步骤。
As Fernando Paz noted in the comments, the encrypted storage is only available in MongoDB Enterprise edition.
正如 Fernando Paz 在评论中指出的那样,加密存储仅在 MongoDB 企业版中可用。
回答by benjamincarter
Great question! With Big Data on the rise, securing data at rest is more important than ever!
好问题!随着大数据的兴起,保护静态数据比以往任何时候都更加重要!
MongoDBdoesn't support this directly, but Gazzang's Encryption & Key Management Platform has been specifically tailored for MongoDB (though it works with other NOSQL database systems too). It's is a commercial solution built on top of the open source eCryptfsencrypted filesystem in Linux, and it performs the encryption on the underlying filesystem in a way that security is maximized with minimal adverse effects on performance.
MongoDB不直接支持这一点,但Gazzang的加密和密钥管理平台是专门为 MongoDB 量身定制的(尽管它也适用于其他 NOSQL 数据库系统)。它是一个建立在 Linux 中开源eCryptfs加密文件系统之上的商业解决方案,它在底层文件系统上执行加密,以最大限度地提高安全性并对性能产生最小的不利影响。
With customizable Access Control Lists, your unencrypted MongoDB data will only be accessible by users or processes of your choice. Check out this Big Data Security whitepaperor visit www.securingbigdata.comfor more information.
使用可定制的访问控制列表,您未加密的 MongoDB 数据只能由您选择的用户或进程访问。查看此大数据安全白皮书或访问www.securingbigdata.com了解更多信息。
Full disclosure: I'm employed by Gazzang.
完全披露:我受雇于 Gazzang。
回答by Dharshan
I would recommend that you use LUKSto encrypt your data volume. It is fairly simple to setup and manage compared to file system based encryption. It is also portable to various flavors of Linux and also has flexibility to let you change your password. If you need a solution out of the box Scalegrid.io encryption supportprovides this feature in the mongodb cluster creation wizard
我建议您使用LUKS来加密您的数据量。与基于文件系统的加密相比,它的设置和管理相当简单。它还可以移植到各种 Linux 版本,并且还具有让您更改密码的灵活性。如果您需要开箱即用的解决方案Scalegrid.io 加密支持在 mongodb 集群创建向导中提供此功能
Disclaimer: I am the founder of Scalegrid.io
免责声明:我是 Scalegrid.io 的创始人
