Support Features to Optimize System Security

scsldb commented 4 years ago

Description

[x] Support Transport Layer Security(TLS) for TiFlash https://github.com/pingcap/tidb/issues/18080 @lidezhu
[x] Support TLS in the internal communication of TiDB cluster https://github.com/pingcap/tiup/issues/529 @AstroProfundis

[x] Support Transparent Data Encryption(TDE) for TiFlash https://github.com/pingcap/tidb/issues/18082 @lidezhu
[x] Support Transparent Data Encryption(TDE) for PD https://github.com/pingcap/tidb/issues/18262 @yiwu-arbug

[x] Support De-Sensitization TiDB General Log https://github.com/pingcap/tidb/issues/18034 @lysu
[x] Support error/info log desensitization https://github.com/pingcap/tidb/issues/18566 @crazycs520

[x] Supports TLS and online reload with new certs in CDC https://github.com/pingcap/ticdc/issues/250
[x] Support TLS and online reload with new certs in DM https://github.com/pingcap/dm/issues/467
[ ] Support Security for TiSpark on Reading TiKV and TiFlash https://github.com/pingcap/tidb/issues/18087
[x] Support Authentication and Privileges for TiSpark https://github.com/pingcap/tidb/issues/18081

[ ] Support Data Mask and De-Identification like MySQL https://github.com/pingcap/tidb/issues/18083

Improve system security

GanttStart: 2020-07-04 GanttDue: 2020-11-28 GanttProgress: 30%

kolbe commented 4 years ago

Can we add "Support De-Sensitization TiDB Error Log" to the "Mask" section?

One implementation idea for that might be to avoid printing prepared statement arguments in the error log.

nolouch commented 4 years ago

@kolbe I have added it, I think the implementation idea you mentioned already done in https://github.com/pingcap/tidb/pull/18578. am I right?