Using views in MySQL to maintain HIPAA compliance
The Problem
We have a large web application that stores and displays sensitive HIPAA-related data. We're currently researching ways to improve HIPAA compliance and reduce the risk of having a violation.
Currently, there are several features and reports that do not correctly restrict client information based on the permissions of the person who's logged in (e.g. the client search capability and certain legacy reports).
Possible Solutions
Take care of the problem from a programmatic perspective
We could always just rewrite the sections of the code that are causing the non-compliance. The trouble is, this approach is highly error prone given the scale of the application - stuff could get missed.
Altering the Database to Restrict the data that gets returned
We could alter the MySQL database structure to reflect the necessary permission restrictions needed in the application. That way, no one can see data they shouldn't because the database won't return data they shouldn't see.
My Question
The application itself has nearly 300 tables, most of which store some sort of sensitive data. Is it possible (and feasible) to use MySQL views to restrict data access?
If so, what's the best approach?
Comments (1)
You can utilize a view to restrict or present any data you wish simply by tweaking the query utilized in the view.
You will need to rename the original table, to something like "original table", then name your view the name of the original table.
Your program will not know or care that it is now accessing a view rather than a table. It will continue to pull data as before. You can also include blank or default values for fields you do not wish to return actual values for. As an example (if you have a field "DOB" and you no longer wish to return the birth date you can simply write '01-01-2001' as DOB).
You can use the examples from MySQL's website on how to create a view.
http://dev.mysql.com/doc/refman/5.0/en/create-view.html
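The rename-and-replace approach described in the answer above, as an added example that is not part of the original post. The database, table, columns, rows and the `webapp` account are constructed for illustration, and the grant step goes one step beyond the answer: the view only restricts anything if the application account cannot read the renamed table directly.

```sql
-- Added example. All names and rows below are constructed for illustration.
CREATE DATABASE IF NOT EXISTS clinic_demo;
USE clinic_demo;

CREATE TABLE clients (
    client_id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    full_name VARCHAR(100) NOT NULL,
    DOB       DATE NOT NULL,
    ssn       CHAR(11) NOT NULL
);
INSERT INTO clients (full_name, DOB, ssn) VALUES
    ('Alice Example', '1980-04-12', '000-00-1234'),
    ('Bob Example',   '1975-11-30', '000-00-5678');

-- 1. Move the real table out of the way.
--    RENAME TABLE does not migrate table-level grants; they stay with the old name.
RENAME TABLE clients TO clients_original;

-- 2. Put a view under the old name. Unchanged columns pass through;
--    DOB is replaced with a fixed default and ssn keeps only its last four digits.
--    SQL SECURITY DEFINER (the default) runs the view with its creator's
--    privileges, so readers need no access to clients_original.
CREATE SQL SECURITY DEFINER VIEW clients AS
SELECT client_id,
       full_name,
       CAST('2001-01-01' AS DATE)       AS DOB,
       CONCAT('***-**-', RIGHT(ssn, 4)) AS ssn
FROM clients_original;

-- 3. Give the application account (hypothetical name) the view only.
--    A database-wide grant such as SELECT ON clinic_demo.* would still
--    expose clients_original and has to be revoked first.
CREATE USER 'webapp'@'localhost' IDENTIFIED BY 'replace-with-a-real-secret';
GRANT SELECT ON clinic_demo.clients TO 'webapp'@'localhost';

-- 4. Checks to run after the change.
-- The application's existing query, now served by the view:
SELECT client_id, full_name, DOB, ssn FROM clients;
-- Review what the application account can reach:
SHOW GRANTS FOR 'webapp'@'localhost';
-- Confirm which name is the view and which is the base table:
SELECT table_name, table_type
FROM information_schema.tables
WHERE table_schema = 'clinic_demo';
```

Because `DOB` and `ssn` are expressions in the view, MySQL does not treat the view as insertable, so any code path that inserts into `clients` needs separate handling against the base table.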