Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] 在 Byzer 脚本中使用敏感字符串时,Byzer 支持 AES 加密. Byzer supports AES encryption when using sensitive strings in Byzer script. #1706

Closed
ZhengshuaiPENG opened this issue Mar 8, 2022 · 3 comments
Closed

[Feature] 在 Byzer 脚本中使用敏感字符串时,Byzer 支持 AES 加密. Byzer supports AES encryption when using sensitive strings in Byzer script. #1706

ZhengshuaiPENG opened this issue Mar 8, 2022 · 3 comments
Assignees
@hellozepp
Labels
Difficulty:Middle Documentation
Milestone
Sprint-03/25

Comments

@ZhengshuaiPENG
Copy link
Contributor

ZhengshuaiPENG commented Mar 8, 2022
edited
Loading

Background

Currently, if we want to use a sensitive string like a password in Byzer Script, what we can do is just use the password as plain text in byzer script, which is not secure and mostly does not satisfy the IT policy within the company.

So Byzer should support the encode and decode sensitive string when scripting

The scenario example:

If we want to send an email, the code like below

-- send email
run${CONTENT} as SendMultiMails.``
where mailType = "config"
and attachmentType = "text/csv"
and from = "${EMAIL_FROM}"
and to = "${EMAIL_TO}"
and cc = "${EMAIL_CC}"
and smtpHost = "${HOST}"
and smtpPort = "${PORT}"

and `properties.mail.smtp.starttls.enable`= "true"
and `properties.mail.smtp.ssl.protocols`="TLSv1.2"

and userName = "${USERNAME}"
and password="${PWD}";

if the value of the sender's password is 123456, here we need to fill the password as plain text 123456.

The proposal

  1. Provide aes encode/encode macro function
!aes_encode "123456";

this will return an encrypted string of "123456", we refer to it as "xxxxxx"

!aes_decode "xxxxxx";

this will return a decrypted string of "xxxxxx", it should return "123456"

  1. provide aes encode/encode udf function
select aes_encode("123456") as t1;

this will return an encrypted string of "123456", we refer to it as "xxxxxx"

select aes_decode("xxxxxx") as t2;

this will return a decrypted string of "xxxxxx", it should return "123456"

Solution for the scenario above

  1. First, the user can run
!aes_encode "123456";

or

select aes_encode("123456") as t1;

to get the encrypted value of password,we refer to it as ”xxxxxx“

  1. set the variable PWD in byzer script as below
 set PWD = `select aes_decode("xxxxxx")` where type="sql";
  1. send email
-- send email
run${CONTENT} as SendMultiMails.``
where mailType = "config"
and attachmentType = "text/csv"
and from = "${EMAIL_FROM}"
and to = "${EMAIL_TO}"
and cc = "${EMAIL_CC}"
and smtpHost = "${HOST}"
and smtpPort = "${PORT}"

and `properties.mail.smtp.starttls.enable`= "true"
and `properties.mail.smtp.ssl.protocols`="TLSv1.2"

and userName = "${USERNAME}"
and password="${PWD}";

This solution will keep the encrpted password in the byzer script instead of plain text
@ZhengshuaiPENG ZhengshuaiPENG added this to the Sprint-03/11 milestone Mar 8, 2022
@chncaesar chncaesar assigned hellozepp and chncaesar and unassigned chncaesar and hellozepp Mar 9, 2022
@chncaesar
Copy link
Contributor

Closed

@hellozepp hellozepp self-assigned this Mar 16, 2022
@hellozepp hellozepp reopened this Mar 16, 2022
@hellozepp
Copy link
Contributor

Add Aes util to Byzer-lang

@chncaesar chncaesar mentioned this issue Mar 25, 2022
Merged
3 tasks
@hellozepp
Copy link
Contributor

hellozepp commented Mar 25, 2022
edited
Loading

change the udF name

Ase encryption UDF: aes_encrypt

Ase decrypts UDF: aes_decrypt

@Lindsaylin Lindsaylin changed the title [Feature] Byzer should support AES encryption when using sensitive string in Byzer Script [Feature] 在 Byzer 脚本中使用敏感字符串时,Byzer 支持 AES 加密. Byzer supports AES encryption when using sensitive strings in Byzer script. Mar 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hellozepp hellozepp

Labels
Difficulty:Middle Documentation
Projects
None yet
Milestone
Sprint-03/25
Development

No branches or pull requests
3 participants
@ZhengshuaiPENG @chncaesar @hellozepp