Support Features to Optimize System Security #18084

Open
9 of 11 tasks
scsldb opened this issue Jun 17, 2020 · 2 comments
Labels
feature/accepted This feature request is accepted by product managers priority/P0 The issue has P0 priority. type/feature-request Categorizes issue or PR as related to a new feature.
scsldb commented Jun 17, 2020

Description

P0 Task List:

Authentication

Transparent Data Encryption (TDE)

Data Mask and De-Identification

P1 Task List:

Authentication

Data Mask and De-Identification

For more task details: https://docs.google.com/document/d/1fMj6rCGrK_Gr4WeMJmBNGfPoZKG-dtVsq1VfWIHf558/edit#heading=h.r8aswyjagfkz

Category

Feature, Security

Value

Improve system security

Schedule

GanttStart: 2020-07-04
GanttDue: 2020-11-28
GanttProgress: 30%

Progress Tracking

scsldb added the type/feature-request and priority/P0 labels Jun 17, 2020
scsldb added this to the v5.0-alpha milestone Jun 17, 2020
zhangjinpeng87 removed their assignment Jul 10, 2020
zz-jason changed the title from "Optimize system security feature" to "Support Features to Optimize System Security" Jul 10, 2020
Contributor

kolbe commented Jul 14, 2020

Can we add "Support De-Sensitization TiDB Error Log" to the "Mask" section?

One implementation idea for that might be to avoid printing prepared statement arguments in the error log.

#18566

scsldb modified the milestones: v5.0.0-alpha, v5.0.0-beta.1 Jul 15, 2020
scsldb added the feature/accepted label Jul 16, 2020
Member

nolouch commented Jul 24, 2020

@kolbe I have added it. I think the implementation idea you mentioned is already done in #18578. Am I right?

jebter added this to the v5.0.0 milestone Jan 18, 2021
dveeden added a commit to dveeden/tidb that referenced this issue Aug 2, 2021
If no `ssl-cert` or `ssl-key` are specified: Create a self-signed
cert in the temp storage and use that.

This allows TLS to be used when no user created certificates are
available.

Especially for `tiup playground` and other simple cases this should be
sufficient.

Note that for `caching_sha2_password` support we will either need TLS
connections or RSA keypairs. This brings us a step closer in that
direction.

The created certificates are valid for 90 days and new certificates are
created every 30 days.

See also:
- "Automatic SSL and RSA File Generation" on https://dev.mysql.com/doc/refman/8.0/en/creating-ssl-rsa-files-using-mysql.html
- https://docs.pingcap.com/tidb/stable/enable-tls-between-clients-and-servers
- pingcap#9411
- pingcap#18084
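
The certificate lifecycle described in the commit message above (90-day validity, regeneration every 30 days), as an added Go example that is not code from the referenced commit or from TiDB. The function names, the ECDSA P-256 key, the `localhost` SAN and the time-based serial number are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

const certValidity = 90 * 24 * time.Hour // lifetime given in the commit message
const rotateAfter = 30 * 24 * time.Hour  // regeneration interval given there

// newSelfSignedCert returns a self-signed server certificate (key type and SAN are assumptions).
func newSelfSignedCert(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(now.UnixNano()), // assumption: time-based serial
		NotBefore:    now,
		NotAfter:     now.Add(certValidity),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{"localhost"},
	}
	// Template and parent are the same object, so the certificate signs itself.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// needsRotation is true once the certificate is rotateAfter old, so a
// replacement exists 60 days before the current one expires.
func needsRotation(cert *x509.Certificate, now time.Time) bool {
	return !now.Before(cert.NotBefore.Add(rotateAfter))
}

func main() {
	cert, _, err := newSelfSignedCert(time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println("expires:", cert.NotAfter, "rotate now:", needsRotation(cert, time.Now()))
}
```

Because the certificate is self-signed, clients can encrypt the connection but cannot authenticate the server unless they pin or explicitly trust the generated certificate.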

7 participants