On Sun, Oct 30, 2011 at 7:46 PM, Mark Mielke <m...@mark.mielke.cc> wrote:
> In the above case - maybe you don't want password - what about social
> insurance number, credit card number, or any other private bit? The only way
> to truly know you aren't accidentally pulling in fields you don't need or
> want to unnecessarily expose on the wire - is to specifically list the
> fields you DO want, which is precisely to not use "*" at all.

A fairly useful characteristic case would be related to this, namely...

    select * excluding password from some_table;

The sensitive bits of data are often fairly well enumerated, so it's a
useful-ish idea to pull everything except that.

The joys and challenges may be pretty well characterized by:

  create view sanitized_table as
    select * excluding password from some_table;

Now, if someone running queries somewhere downstream is sufficiently
lacking in clue that they don't know which columns they *do* want,
then it seems dubious to me that letting them exclude the columns that
they imagine that they know they *don't* want is actually valid.

That is, if they don't know what they want (e.g. - the column set in a
traditional sans-EXCLUDES query), then I'm rather suspicious that they
aren't competent to build a proper EXCLUDES clause.
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to