cossacklabs / acra

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
https://www.cossacklabs.com/acra/
Apache License 2.0
1.32k stars, 127 forks

What should be the approach to supporting Microsoft SQL Server and Oracle? #704

Open samwell-ho opened 1 month ago

samwell-ho commented 1 month ago

I looked at the ACRA documentation and found out that currently only MySQL/PostgreSQL is supported.

However, it supports SQL database management systems. So is there any way to integrate with Microsoft SQL Server and Oracle?

What should be the approach to supporting Microsoft SQL Server and Oracle?

Lagovas commented 1 month ago

We don't have plans for MSSQL & Oracle, and we haven't had requests for that. To add support for new databases we need specifications of the DB wire protocols, which proprietary DBs rarely provide.

samwell-ho commented 1 month ago

I think AcraTranslator can be used for proprietary databases (no published data reading and writing protocols) such as Oracle, MSSQL,...

I'm just wondering about its performance when processing large data, I'm not sure if it can handle data processing with tens of millions of records?

Lagovas commented 1 month ago

> I think AcraTranslator can be used for proprietary databases (no published data reading and writing protocols) such as Oracle, MSSQL,...

Yes, you can use AcraTranslator for all other databases not supported by AcraServer. In this case, your app will be the proxy between the database and target data clients. You can implement your own DAO service to encapsulate all crypto and security operations, passing data through AcraTranslator before saving it to the database and before passing it forward to the client services.

> I'm just wondering about its performance when processing large data, I'm not sure if it can handle data processing with tens of millions of records?

Anyway, you need benchmarks and tests with your setup and required security controls. Any generic benchmark will not tell you whether it will provide the required SLA or not. And it's up to you how to handle it. You can scale AcraTranslators horizontally, you can parallelize queries from your app to AcraTranslator, and so on.

About millions of records: does your app load 10kk records from the database into memory, or does it query a smaller set of data from the 10kk records? If your database stores 10kk rows and your app gets only 100 rows as a result, the service will need to pass only 100 rows through AcraTranslator to get decrypted/deanonymised data.
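The DAO approach described in the last comment, sketched as an added example that is not part of the thread or of Acra's code: a data-access class encrypts a field before it is stored and sends only the rows a query returns through the translator, in parallel. `StubTranslator`, `CustomerDAO` and the table layout are hypothetical, the base64 step is a placeholder for a real AcraTranslator call, and in-memory SQLite stands in for the proprietary database.

```python
import base64
import sqlite3
from concurrent.futures import ThreadPoolExecutor

class StubTranslator:
    # Constructed stand-in for an AcraTranslator client (hypothetical interface).
    # base64 is NOT encryption; a real client would call AcraTranslator here.
    def __init__(self):
        self.decrypted = []  # one entry per decrypt request (list.append is thread-safe)

    def encrypt(self, plaintext: bytes) -> bytes:
        return b"stub:" + base64.b64encode(plaintext)

    def decrypt(self, blob: bytes) -> bytes:
        self.decrypted.append(len(blob))
        return base64.b64decode(blob[len(b"stub:"):])

class CustomerDAO:
    # Only this class talks to the translator; the database never sees plaintext emails.
    def __init__(self, conn, translator, workers=8):
        self.conn, self.translator, self.workers = conn, translator, workers
        conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, region TEXT, email BLOB)")

    def save_many(self, rows):
        # Encrypt the sensitive field before it reaches the database.
        self.conn.executemany(
            "INSERT INTO customers (region, email) VALUES (?, ?)",
            [(region, self.translator.encrypt(email.encode())) for region, email in rows])
        self.conn.commit()

    def emails_in_region(self, region, limit=100):
        # The database filters on the unencrypted column; only the result set is decrypted.
        blobs = [row[0] for row in self.conn.execute(
            "SELECT email FROM customers WHERE region = ? ORDER BY id LIMIT ?", (region, limit))]
        # Decrypt requests are independent, so the app can send them in parallel.
        with ThreadPoolExecutor(max_workers=self.workers) as pool:
            return [p.decode() for p in pool.map(self.translator.decrypt, blobs)]

def demo(total=10_000):
    # Constructed data: 10,000 rows, of which 100 are in region "eu".
    translator = StubTranslator()
    dao = CustomerDAO(sqlite3.connect(":memory:"), translator)
    dao.save_many(("eu" if i % 100 == 0 else "us", f"user{i}@example.com") for i in range(total))
    emails = dao.emails_in_region("eu")
    stored = dao.conn.execute("SELECT email FROM customers WHERE id = 1").fetchone()[0]
    return emails, len(translator.decrypted), stored

if __name__ == "__main__":
    emails, decrypt_calls, stored = demo()
    print(len(emails), "rows returned,", decrypt_calls, "decrypt requests, stored value:", stored)
```

The number of decrypt requests tracks the size of the result set rather than the size of the table, which is the quantity to benchmark against a real AcraTranslator deployment.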