Re: Column Redaction

Robert,

* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> On Fri, Oct 10, 2014 at 7:00 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > The discussion about looking up specific card numbers in the original
> > email from Simon was actually an allowed use-case, as I understood it,
> > not a risk concern. Indeed, if you know a valid credit card number
> > already, as in this example, then why are you bothering with the search?
> > Perhaps it would provide confirmation, but it's not the database's
> > responsibility to make you forget the number you already have. Doing a
> > random walk through a keyspace of 10^16 and extracting a significant
> > enough number of results to be useful should be difficult. I agree that
> > if we're completely unable to make it difficult then this is less
> > useful, but I feel it's a bit early to jump to that conclusion.

Thanks much for the laugh. :)

> You are obviously wearing your rose-colored glasses this morning. I
> predict a competent SQL programmer could write an SQL function, or
> client-side code, to pump the data out of the database using binary
> search in milliseconds per row.

Clearly, if we're unable to prevent that, then this feature wouldn't be
useful. What would be helpful is to consider what we could provide
along these lines without allowing the data to be trivially recovered.

Thanks!

Stephen