As data security governance becomes an increasingly important global concern, ensuring the security of databases, foundational software for storing and managing critical data assets, has become a key challenge that requires collaboration between database vendors and customers. OceanBase has always prioritized product security. Over the years, it has actively complied with regulatory requirements, established a comprehensive security management system, and focused on building stable, reliable, secure, and open data infrastructure. Through continuous technological innovation, OceanBase helps customers protect the confidentiality, integrity, and availability of their data, earning its reputation as a trusted provider of foundational software. However, ensuring database security is not just the responsibility of vendors—it also requires close collaboration with customers.
Security is a key factor in evaluating the performance of a database. A database management system must prevent unauthorized access to safeguard the files and data it contains.
This topic provides the best practices for achieving data encryption.
MySQL tenant
Enable TLS data transmission encryption
OceanBase Database supports communication encryption to prevent the communication traffic among nodes from being intercepted or tampered with.
Related operations
Self-check
Log in to OceanBase Command-Line Client (OBClient) and run
\sto check whether SSL is enabled based on the SSL field for the OBServer node. If not,Not in useis displayed.obclient> \sThe return result is as follows:
obclient Ver 2.2.6 Distrib 10.4.18-MariaDB, for Linux (x86_64) using readline 5.1 Connection id: 3221487667 Current database: oceanbase Current user: root@100.88.114.135 SSL: Not in use Current pager: stdout Using outfile: '' Using delimiter: ; Server version: OceanBase 4.3.2.1 (r201000012024080617-2ecfa3a5c430a582c4884b287b9234a9a8553bf7) (Built Aug 6 2024 18:01:40) Protocol version: 10 Connection: xxx.xxx.xxx.xxx TCP/IP Server characterset: utf8mb4 Db characterset: utf8mb4 Client characterset: utf8mb4 Conn. characterset: utf8mb4 TCP port: 2881 Protocol: Compressed Active --------------Security hardening
For more information, see OBServer transmission encryption.
Enable TDE
OceanBase Database allows you to enable transparent data encryption (TDE) at the tablespace level to implement secure data storage.
Related operations
Self-check
For a MySQL tenant, execute the following statement:
obclient> SELECT table_name,encryptionalg,encrypted FROM oceanbase.V$OB_ENCRYPTED_TABLES;Security hardening
For more information, see Enable transparent data encryption for new tables in MySQL mode.
Oracle tenant
Enable TLS data transmission encryption
OceanBase Database supports communication encryption to prevent the communication traffic among nodes from being intercepted or tampered with.
Related operations
Self-check
Log in to OBClient and run
\sto check whether Transport Layer Security (TLS) is enabled based on the SSL field for the OBServer node. If not,Not in useis displayed.obclient> \sThe return result is as follows:
obclient Ver 2.2.6 Distrib 10.4.18-MariaDB, for Linux (x86_64) using readline 5.1 Connection id: 3221487669 Current database: SYS Current user: SYS SSL: Not in use Current pager: stdout Using outfile: '' Using delimiter: ; Server version: OceanBase 4.3.2.1 (r201000012024080617-2ecfa3a5c430a582c4884b287b9234a9a8553bf7) (Built Aug 6 2024 18:01:40) Protocol version: 10 Connection: xxx.xxx.xxx.xxx via TCP/IP Server characterset: utf8mb4 Db characterset: utf8mb4 Client characterset: utf8mb4 Conn. characterset: utf8mb4 TCP port: 2881 Protocol: Compressed Active --------------Security hardening
For more information, see OBServer transmission encryption.
Enable TDE
OceanBase Database allows you to enable TDE at the tablespace level to implement secure data storage.
Related operations
Self-check
For an Oracle tenant, execute the following statement:
obclient> SELECT table_name,encryptionalg,encrypted FROM V$OB_ENCRYPTED_TABLES;If the value of the
ENCRYPTEDfield isYES, TDE has been enabled.Security hardening
For more information, see Enable transparent data encryption for new tables in Oracle mode.