This article explains why encrypting sensitive fields like passwords, phone numbers, and ID numbers is essential, details a balanced approach using AES‑GCM encryption, HMAC indexes, and masked fields, and shares real‑world lessons from implementing the solution in a production system.
The article recounts how a social‑app team faced compliance rejection, realized the risks of storing passwords, phone numbers, IDs in plain text, and then built a pragmatic encryption‑at‑rest solution that balances security, queryability, and operational simplicity.
This guide walks through why enterprises need to scan and protect sensitive log data, explains the regulatory background, and provides a step‑by‑step implementation on Alibaba Cloud using Data Security Center, Logtail, SPL, Ingest Processors, SDKs, StoreView queries and periodic scans to achieve comprehensive data security and governance.
Learn how to protect personal data in Spring Boot 3.2.5 applications by customizing Logback's PatternLayout and appender to mask fields such as name, phone, password, and email, with step‑by‑step code examples, configuration snippets, and handling of object logging.
This article explains how to implement unified data desensitization in Java Spring Boot applications by creating custom annotations, enums, serializers, and utility methods that automatically mask personal information during JSON serialization, complete with code examples and test results.
This article demonstrates how to mask sensitive data such as phone numbers, ID cards, and personal information using SQL string functions, a Java library (sensitive‑plus), and the MyBatis‑Mate Sensitive Jackson plugin, providing complete code examples, configuration files, and test results for backend developers.
This article outlines frequent PHP security vulnerabilities such as SQL injection, XSS, unsafe file uploads, and sensitive data exposure, and demonstrates how to mitigate them with prepared statements, input escaping, file validation, and secure configuration practices using concrete code examples.
This article explains how to protect user‑sensitive information such as ID numbers and phone numbers by encrypting data before insertion and decrypting after retrieval using a MyBatis interceptor that leverages custom annotations, AES utilities, and minimal code intrusion.
This article outlines Vivo’s comprehensive approach to large‑scale database security, covering recent data‑leak incidents, legal compliance, the current challenges of sensitive data governance, a field‑level discovery method, classification standards, automated scoring, and multiple encryption solutions including Proxy, MyBatis, and ShardingSphere.
This article details the practical framework, policies, tools, and workflows that a major online medical service used to classify and grade its data assets, ensuring compliance with China's Data Security Law and Personal Information Protection Law while reducing business risk.
This article demonstrates how to mask sensitive data such as phone numbers, ID cards, and emails in MySQL and Java applications by combining SQL string functions with the MyBatis‑Mate Sensitive Jackson plugin, providing complete configuration, custom strategies, and runnable Spring Boot examples.
This article explains how to identify, remove, and avoid committing sensitive information such as passwords, keys, or tokens in Git repositories by using git log searches, tools like Gitleaks and Detect‑Secrets, and scripts for history rewriting, while also describing preventive pre‑commit hook setups.
This article introduces MyBatis‑Mate, an official MyBatis‑Plus extension that provides enterprise‑grade capabilities such as dictionary binding, field encryption, data masking, dynamic table maintenance, audit logging, sharding, multi‑datasource switching, and customizable data‑scope handling, all illustrated with code examples.
This article demonstrates practical techniques for data masking, covering MySQL string functions for phone and ID masking, a Java library for various sensitive fields, and a MyBatis‑Mate extension that applies custom and built‑in masking strategies through annotations and REST endpoints.
This article demonstrates how to mask sensitive phone numbers and ID cards directly in MySQL, introduces a Java masking library, and provides a complete MyBatis‑Mate extension with custom strategies, configuration files, and sample Spring Boot code to protect personal data in applications.
This article introduces d18n, a Go‑based, cross‑platform data‑desensitization tool that supports multiple databases and file formats, explains common desensitization scenarios, details its sensitive‑data identification techniques—including keyword, regex, and NLP‑based DFA—and outlines six practical masking algorithms with export and import workflows.
The article outlines typical ways PHP projects mishandle sensitive data—such as storing passwords in plain text, transmitting credentials without encryption, using weak hashing algorithms, and exposing server details—and provides practical configuration and coding measures to secure data at rest and in transit.
This tutorial explains how to transparently encrypt and decrypt sensitive fields such as ID numbers, phone numbers, and real names in a Spring Boot application by leveraging MyBatis plugins, custom annotations, and interceptor implementations for both input and output data.
This article introduces GSIL, a near‑real‑time GitHub sensitive‑information‑leakage monitoring tool, and provides step‑by‑step instructions for installing the Python package, configuring email and GitHub token settings, defining scanning rules, and scheduling automated scans and reports via cron.
This article continues a previous guide by demonstrating how to define a complex custom PMD rule that flags Android log statements exposing sensitive data such as device identifiers, process IDs, class names, and file paths, illustrating rule design, AST analysis, example code, and verification steps.
