We've been looking into the ColumnTransformer to encrypt certain parts of our data. It seemed like a great fit and the JavaDoc indicated that it would work in queries as well as read write operations.
And it does all of that, but the application of the transformer if the column is referenced in a where clause is resulting in a table scan.
So if I have a column I want to protect called secret and I've annotated it
Code:
@ColumnTransformer(read = "AES_DECRYPT(UNHEX(secret), 'password')", write = "HEX(AES_ENCRYPT(?, 'password'))")
private String secret;
Hibernate will generate the following:
Code:
where AES_DECRYPT(UNHEX(webuser0_.secret), 'password')=?
which results in a table scan.
What would be better would be if the generated sql looked like this:
Code:
where webuser0_.secret=HEX(AES_ENCRYPT(?, 'password'))
Which results in a query that uses an index and calculates the encryption only once.
So is there a way to get the transformer to behave differently and generate a more sensible where clause?
Login
FAQ
Search