DBZ-29 Changed MySQL connector to be able to hide, truncate, and mask specific columns #38
Changes the MySQL connector to use regular expressions in the database and table blacklist/whitelists, and adds support for excluding, truncating, and masking certain columns.
Using regular expression patterns
Changed the MySQL connector to use comma-separated lists of regular expressions for the database and table whitelist/blacklists. Literals are still accepted and will match fully-qualified table names, although the . character used as a delimiter is also a special character in regular expressions and therefore may need to be escaped (e.g., preceded by a double backslash (\\) or surrounded by square brackets) to more carefully match fully-qualified table names.
Excluding columns
Added several new configuration properties for the MySQL connector that instruct it to hide, truncate, and/or mask certain columns. The properties' values are all lists of regular expressions or literal fully-qualified column names. For example, the following configuration property:
will cause the connector to leave out of change event messages for the server.users table those fields that correspond to the picture and others columns.
Excluding columns in change events can help prevent dissemination of sensitive information.
Masking columns
An alternative to excluding/blacklisting columns is masking them. The following configuration property:
will cause the connector to mask in the change event messages for the server.users table all values for columns whose name ends in email. The values will be replaced in this case with a constant string of 10 asterisk (*) characters, even when the email value is null. Although this example used a mask of 10 characters, any positive length can be specified; separate properties should be used when different mask lengths are required.
Masking columns in change events can help prevent dissemination of sensitive information.
Truncating columns
It is also possible to truncate string values of specific columns to reduce the potential size of change events. The following configuration property:
is an example that shows how to configure the connector to truncate to at most 120 characters the values of the description and biography columns in the change event messages for the server.users table. Although this example used a limit of 120 characters, any positive length can be specified; separate properties should be used when different lengths are required. Note how the . delimiter in the fully-qualified names is escaped since that same character is a special character in regular expressions; this escaping of the . characters may not be required in all cases, but it is recommended.
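The effect of leaving the . delimiter unescaped, as an added example that is not code from this pull request or from Debezium: it audits which fully-qualified columns a pattern list selects, and shows the constant mask and the truncation described above. It assumes each entry must match the whole column name; the class, its methods, and the sample columns are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Added illustration; not Debezium code. Class and method names are hypothetical.
public class ColumnPatternAudit {

    // Assumption: each comma-separated entry must match the whole
    // fully-qualified column name (database.table.column).
    static List<String> selected(String patternList, List<String> columns) {
        List<String> hits = new ArrayList<>();
        for (String column : columns) {
            for (String entry : patternList.split(",")) {
                if (Pattern.compile(entry.trim()).matcher(column).matches()) {
                    hits.add(column);
                    break;
                }
            }
        }
        return hits;
    }

    // Constant mask: the original value, null included, never influences the output.
    static String mask(Object ignoredValue, int length) {
        char[] stars = new char[length];
        Arrays.fill(stars, '*');
        return new String(stars);
    }

    // Keep at most 'max' characters; a null value stays null.
    static String truncate(String value, int max) {
        return (value == null || value.length() <= max) ? value : value.substring(0, max);
    }

    public static void main(String[] args) {
        // Constructed sample schema: two tables whose names differ after "users".
        List<String> columns = Arrays.asList(
            "server.users.email", "server.users.backup_email",
            "server.users_archive.email", "server.users.name");

        String loose = "server.users..*email";       // '.' left as a regex wildcard
        String strict = "server\\.users\\..*email";  // Java literal for server\.users\..*email

        System.out.println("loose : " + selected(loose, columns));
        System.out.println("strict: " + selected(strict, columns));
        System.out.println("mask  : " + mask(null, 10));
        System.out.println("trunc : " + truncate("abcdefghij", 4));
    }
}
```

The loose pattern also selects server.users_archive.email, a column in a different table, because the unescaped . after users matches the underscore; the escaped pattern selects only the two email columns of server.users.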