{"id":10792,"date":"2022-06-27T14:12:29","date_gmt":"2022-06-27T11:12:29","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10792"},"modified":"2022-06-27T14:12:29","modified_gmt":"2022-06-27T11:12:29","slug":"mongodb-queryable-encryption","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/mongodb-queryable-encryption\/10792\/","title":{"rendered":"Database encryption in the fight against data leaks"},"content":{"rendered":"<p>Data leaks have lately become alarmingly common. Cybercriminals resort to every possible method to gain access to databases and the records stored in them. The most logical way to secure databases is to encrypt them, but that is not very practical. After all, the more often a service accesses a database, the slower it responds. If the database is also encrypted, the response time can grow even longer. As a 2009 <a href=\"https:\/\/www.ics.uci.edu\/~ronen\/Site\/Research_files\/p29.surveys.shmueli.pdf\" target=\"_blank\" rel=\"noopener nofollow\">study<\/a> on the main problems encountered in database encryption showed, that is not the end of it either. Now let's jump straight to June of this year. The developers of the MongoDB database management system (DBMS) <a href=\"https:\/\/www.mongodb.com\/blog\/post\/mongodb-releases-queryable-encryption-preview\" target=\"_blank\" rel=\"noopener nofollow\">announced<\/a> a new feature in their latest release: support for Queryable Encryption. 
Queryable Encryption is a way to store data in encrypted form with acceptable query response times.<\/p>\n<h2>Real-world performance<\/h2>\n<p>The brain behind this new technology is <a href=\"http:\/\/cs.brown.edu\/~seny\/\" target=\"_blank\" rel=\"noopener nofollow\">Seny Kamara<\/a>, Associate Professor of Computer Science at Brown University (Providence, Rhode Island, USA), who has many detailed studies on applying reliable encryption in the real world. By the time MongoDB acquired Kamara's startup, Kamara had directed his research toward developing a reliable method of protecting databases without sacrificing performance.<\/p>\n<div id=\"attachment_10794\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-10794\" class=\"wp-image-10794 size-large\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2022\/06\/27141000\/mongodb-queryable-encryption-system-1024x492.png\" alt=\"\" width=\"1024\" height=\"492\"><p id=\"caption-attachment-10794\" class=\"wp-caption-text\">System built for encrypted database access. <a href=\"https:\/\/www.mongodb.com\/blog\/post\/mongodb-releases-queryable-encryption-preview\" target=\"_blank\" rel=\"noopener nofollow\">Source<\/a>.<\/p><\/div>\n<p>\u00a0<\/p>\n<p>It is plain to see that the priority of database developers and operators has always been speed and reliability, and that they give these two more weight than protection. 
Encryption specialists prioritize making the data impossible to decrypt and treat convenience as secondary. That is why earlier solutions encrypt data either quickly but unreliably, or securely but painfully slowly. Kamara combines <a href=\"https:\/\/www.cidrdb.org\/cidr2021\/papers\/cidr2021_paper23.pdf\" target=\"_blank\" rel=\"noopener nofollow\">the scientific approach<\/a> (that is, strong encryption) with users' needs (that is, fast response times). In MongoDB it looks like this:<\/p>\n<p>Suppose we need to retrieve a user's data using that user's Social Security number. We take the SSN, encrypt it, and send it to the database in encrypted form as part of the query. The database then shows us other information about the user: name, phone number, e-mail address. Note that no decryption takes place in the database. Like the response, the query contains only encrypted data. Most importantly, the secret keys that decrypt the data are not stored anywhere: neither on the database server nor on the client. So even if attackers gain access to the database, user data stays safe.<\/p>\n<h2>Hopefully, we will get to see this bright future<\/h2>\n<p>So if this is such a serious problem, why were there no database encryption solutions before? 
In fact, a few solutions have been in use for quite some time. However, these solutions were mostly focused on performance. Encryption, for its part, is a small piece of theater: the aim is to show auditors that protection has not been neglected entirely. As a result, existing solutions have many vulnerabilities. For example, it turned out that if an entire database encrypted with CryptDB is captured, most of the stored data <a href=\"https:\/\/www.cs.cornell.edu\/~shmat\/shmat_hotos17.pdf\" target=\"_blank\" rel=\"noopener nofollow\">can be decrypted<\/a>. In other words, this kind of encryption is merely a nuisance for hackers. As with other solutions, the robustness of the encryption method in this one was never audited.<\/p>\n<p>This is a common problem in practical encryption. It arises especially when information system developers feel compelled to build something in-house to meet their particular data encryption needs. That \u201csomething\u201d ends up open to attack because the latest research is rarely taken into account during development. And its vulnerabilities can only be identified by analyzing the algorithm and <em>predicting<\/em> how it operates. As a result, your data is encrypted in theory. 
In practice, however, it has long been on the black market, <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/initial-access-market-2022\/10788\/\" target=\"_blank\" rel=\"noopener\">for sale.<\/a><\/p>\n<p>By the looks of it, MongoDB Queryable Encryption is the first to bring science and business together in terms of functionality. The one thing the new encryption method still needs is to pass a formal audit to prove that the data is secure (early feedback is mostly <a href=\"https:\/\/www.wired.com\/story\/mongodb-queryable-encryption-databases\/\" target=\"_blank\" rel=\"noopener nofollow\">positive<\/a>). Input from real users is needed as well: does encryption affect performance? It would also be good to see a competing system built on similar principles on the market. After all, healthy competition is the key to progress.<\/p>\n<h2>So, what's next?<\/h2>\n<p>In companies that care about customer data, almost everything is already encrypted: backups, e-mail, devices, and the corporate network. In short, databases are positioned to be the refuge of important information stored in plaintext. Yes, such databases are maximally protected against threats of outside intrusion. But they remain vulnerable nonetheless. So let's hope that the successful rollout of encrypted database management systems will serve as a safeguard against the theft of user data. 
Attacks aimed at individual users, or at collecting open data that is by its nature already available online, will of course continue. But stealing a hundred million accounts in one go? Advances in database encryption look set to consign such incidents to history.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-b2b\">\n","protected":false},"excerpt":{"rendered":"<p>Queryable Encryption in the MongoDB database management system and its contribution to data protection. <\/p>\n","protected":false},"author":665,"featured_media":10793,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[2007,2559],"class_list":{"0":"post-10792","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-sizintilar","10":"tag-veritabanlari"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/mongodb-queryable-encryption\/10792\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/mongodb-queryable-encryption\/24297\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/mongodb-queryable-encryption\/19765\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/mongodb-queryable-encryption\/26650\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/mongodb-queryable-encryption\/24594\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/mongodb-queryable-encryption\/24968\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/mongodb-queryable-encryption\/33348\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/mongodb-queryable-encryption\/44680\/"},{"hreflang":"fr","url":"ht
tps:\/\/www.kaspersky.fr\/blog\/mongodb-queryable-encryption\/19072\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/mongodb-queryable-encryption\/28933\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/mongodb-queryable-encryption\/25132\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/mongodb-queryable-encryption\/30664\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/mongodb-queryable-encryption\/30413\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/sizintilar\/","name":"s\u0131z\u0131nt\u0131lar"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10792","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/665"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10792"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10792\/revisions"}],"predecessor-version":[{"id":10795,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10792\/revisions\/10795"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10793"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10792"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10792"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10792"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}