On Sat, Oct 11, 2014 at 09:51:28AM +0100, Simon Riggs wrote: > > So it's not actually suitable for the example you gave. I don't think we > > want this feature... > > The full quote I read is the following... > > "Even though Oracle Data Redaction is not intended to protect against > attacks by database users who run ad hoc queries directly against the > database, it can hide sensitive data for these ad hoc query scenarios > when you couple it with other preventive and detective controls." > > That full context would have been useful.
OK, that certainly helps. I think the interesting question, though, is whether we can create a data type that doesn't have any casting or comparison functions, and has limited or no output function, and is useful. Are there are cases where you would want to store data in a database that could not be fully viewed but still would be useful to be stored. For example, for a credit card type, you would output the last four digits, but is there any value to storing the non-visible digits? You can check the checksum of the digits, but that can be done on input and doesn't require the storage of the digits. Is there some function we could provide that would make that data type useful? Could we provide comparison functions with delays or increasing delays? I can think of a useful fully-redacted data type example, and that would be the credit card expire date. You could store that in a field that has no output or comparison functions, but you could provide a useful function that would tell whether the expire date had passed based on the system date. It would be useful to store such a date, and a user could know the data value only after it had expired. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
