This topic outlines the data masking techniques supported by various compute engines, in conjunction with security algorithms.
Compute engine | Data masking method | Supported security algorithms |
MaxCompute | Security policy's algorithm package and the database's built-in function |
|
Hive | Security policy algorithms and database built-in functions |
|
AnalyticDB for PostgreSQL | Built-in Database Functions | The following encryption algorithms are not supported: Gaussian, sha256, sha384, sha512, salted sha256, salted sha384, salted sha512, and salted md5. |
Hologres | Built-in database function | The following encryption algorithms are not supported: Gaussian, sha256, sha384, sha512, salted sha256, salted sha384, salted sha512, and salted md5. |
StarRing ArgoDB | Built-in Database Functions | The following encryption algorithms are not supported: Gaussian, sha256, sha384, sha512, salted sha256, salted sha384, salted sha512, and salted md5. |
Data masking methods include UDF (User-Defined Function) masking, which leverages a security UDF installation package to protect data. This approach offers flexible data masking techniques but requires installation within the relevant project. Conversely, DB (Database) masking utilizes the compute engine's built-in functions for protection, enabling immediate use without installation, though it may not support certain data masking algorithms.
In environments with multiple compute engines under the same tenant, such as MaxCompute and Hologres, it is advisable to select data masking algorithms that are commonly supported. This approach helps prevent data masking failures due to incompatible algorithms.