CSFLE LimitationsCSFLE局限性

~~On this page~~本页内容

~~Read and Write Operation Support~~读写操作支持
~~Views~~视图
~~Collation~~排序规则
~~Unique Indexes~~唯一索引
~~Shard Key~~分片键
~~Read/Write Query Support~~读/写查询支持

MongoDB's Queryable Encryption feature is available (GA) in MongoDB 7.0 and later. To learn more about Queryable Encryption and compare its benefits with Client-Side Field Level Encryption, see Queryable Encryption.

Read and Write Operation Support读写操作支持

~~The mongod only stores encrypted BinData and applies any aggregation expression or query operator specifying an encrypted field against the BinData value.~~ mongod只存储加密的BinData，并根据BinData值应用任何聚合表达式或指定加密字段的查询运算符。~~While the expression or operator may support BinData fields, the resulting value may be incorrect or unexpected when compared to issuing that same expression or operator against the decrypted value.~~ 虽然表达式或运算符可能支持BinData字段，但与针对解密值发布相同的表达式或运算符相比，结果值可能不正确或出乎意料。~~The mongod throws an error if the expression or operator does not support BinData values.~~如果表达式或运算符不支持BinData值，mongod将抛出错误。

For example, consider a deterministically encrypted integer Salary. A query filters for documents where Salary is greater than 100000. The application explicitly (manually) encrypts the query value using deterministic encryption prior to issuing the query. 例如，考虑一个确定性加密的整数Salary。查询筛选Salary(薪资)大于100000的文档。应用程序在发出查询之前使用确定性加密显式（手动）加密查询值。~~The mongod compares the encrypted BinData value of 100000 to the encrypted BinData values stored in each document.~~ mongod将100000的加密BinData值与存储在每个文档中的加密BinData值进行比较。~~While the operation returns successfully, the comparison of the BinData values may return a different result than the comparison of the decrypted integer values.~~当操作成功返回时，BinData值的比较可能会返回与解密整数值的比较不同的结果。

~~Automatic Client-Side Field Level Encryption rejects read or write operations which would return incorrect or unexpected results when issued against an encrypted field.~~ 自动客户端字段级加密拒绝读取或写入操作，这些操作在针对加密字段发出时会返回不正确或意外的结果。~~For complete documentation, see Supported Operations for Automatic Encryption.~~有关完整的文档，请参阅支持的自动加密操作。

~~Applications performing explicit (manual) encryption may reference the linked page as guidance for issuing read/write operations against encrypted fields.~~执行显式（手动）加密的应用程序可以引用链接页面作为针对加密字段发布读/写操作的指南。

Views视图

Queries against views on collections containing values encrypted with Client-Side Field Level Encryption may return unexpected or incorrect results if either the underlying view aggregation pipeline or the query references encrypted fields. 如果基础视图聚合管道或查询引用了加密字段，则对包含使用客户端字段级加密加密的值的集合上的视图的查询可能会返回意外或不正确的结果。~~If creating a view on a collection containing values encrypted with Client-Side Field Level Encryption, avoid operating on encrypted fields to mitigate the risk of unexpected or incorrect results.~~如果在包含使用客户端字段级加密加密的值的集合上创建视图，请避免对加密字段进行操作，以降低意外或错误结果的风险。

While 4.2+ compatible drivers configured for automatic Client-Side Field Level Encryption have supported operations for automatic encryption, for unsupported read and write operations, the underlying support library cannot introspect the view catalog to identify a given collection as a view. 虽然为自动客户端字段级加密配置的4.2+兼容驱动程序支持自动加密操作，但对于不受支持的读写操作，底层支持库无法内省视图目录以将给定集合标识为视图。~~Applications therefore cannot rely on the automatic Client-Side Field Level Encryption validation to prevent unsupported queries against views on collections with encrypted fields.~~因此，应用程序不能依赖客户端字段级加密自动验证来防止对具有加密字段的集合的视图进行不受支持的查询。

For applications using explicit (manual) encryption to query a view on a collection containing encrypted values, consider constructing the query using only query operators with known normal behavior when issued against encrypted fields.对于使用显式（手动）加密来查询包含加密值的集合的视图的应用程序，请考虑在针对加密字段发出时仅使用具有已知正常行为的查询运算符来构造查询。

Collation排序规则

~~Client-Side Field Level Encryption does not respect user-specified collations or collection default collations. Field level encryption obscures the field value and prevents normal collation behavior.~~ 客户端字段级加密不尊重用户指定的排序规则或集合默认排序规则。字段级加密会模糊字段值并阻止正常的排序规则行为。~~Collation-sensitive queries against encrypted fields may return unexpected or incorrect results.~~针对加密字段的对排序规则敏感的查询可能会返回意外或不正确的结果。

While 4.2+ compatible drivers configured for automatic Client-Side Field Level Encryption have supported operations for automatic encryption, for unsupported read and write operations the underlying support library cannot introspect the collection catalog to identify the default collation. 虽然为自动客户端字段级加密配置的4.2+兼容驱动程序支持自动加密操作，但对于不受支持的读写操作，底层支持库无法内省集合目录以识别默认排序规则。~~Applications therefore cannot rely on the Client-Side Field Level Encryption validation to prevent querying on encrypted fields with collation defaults.~~因此，应用程序不能依赖客户端字段级加密验证来阻止对具有排序规则默认值的加密字段进行查询。

Unique Indexes唯一索引

~~Unique indexes cannot guarantee uniqueness if the index key specifies any randomly encrypted fields.~~如果索引键指定任何随机加密的字段，则唯一索引无法保证唯一性。

~~Fields encrypted using the random algorithm always produce a different encrypted value given a specific input.~~ 使用随机算法加密的字段在给定特定输入的情况下总是产生不同的加密值。~~The server considers each encrypted value unique even though the decrypted value itself is not unique.~~ 服务器认为每个加密的值是唯一的，即使解密的值本身不是唯一的。~~The collection can therefore contain multiple documents with duplicate decrypted values for a field with an index-enforced unique constraint.~~因此，对于具有索引强制的唯一约束的字段，集合可以包含多个具有重复解密值的文档。

While 4.2+ compatible drivers configured for automatic Client-Side Field Level Encryption have supported operations for automatic encryption for unsupported read and write operations, the underlying support library cannot introspect the index catalog to identify a given field as unique. 虽然为自动客户端字段级加密配置的4.2+兼容驱动程序支持针对不受支持的读写操作的自动加密操作，但底层支持库无法内省索引目录以将给定字段标识为唯一字段。~~Applications therefore cannot rely on the automatic Client-Side Field Level Encryption validation to prevent unique constraint violations on randomly-encrypted fields.~~因此，应用程序不能依赖客户端字段级加密自动验证来防止对随机加密字段的唯一约束冲突。

Shard Key分片键

~~Specifying a shard key on encrypted fields or encrypting fields of an existing shard key may result in unexpected or incorrect sharding behavior.~~在加密字段上指定分片键或加密现有分片键的字段可能会导致意外或不正确的分片行为。

While 4.2+ compatible drivers configured for automatic Client-Side Field Level Encryption have supported operations for automatic encryption, for unsupported read and write operations, the underlying support library cannot introspect the sharding catalog metadata to identify shard key fields. 虽然为自动客户端字段级加密配置的4.2+兼容驱动程序支持自动加密操作，但对于不支持的读写操作，底层支持库无法内省分片目录元数据来识别分片键字段。~~Applications therefore cannot rely on the automatic field level encryption validation to prevent encryption of shard key fields.~~因此，应用程序不能依赖于自动字段级加密验证来阻止分片键字段的加密。

Read/Write Query Support读/写查询支持

~~Automatic Client-Side Field Level Encryption supports a subset of commands, query operators, update operators, aggregation stages, and aggregation expressions.~~ 自动客户端字段级加密支持命令、查询运算符、更新运算符、聚合阶段和聚合表达式的子集。~~For complete documentation, see Supported Operations for Automatic Encryption.~~有关完整的文档，请参阅支持的自动加密操作。

← CSFLE Compatibility CSFLE Encryption Schemas →