Is anyone familiar with an out-of-the-box method for preventing a field defined in
schema/2 from being returned in queries? I use
Repo.get/3 a lot and pass around the result for processing. The problem is that when I use it for my User schema, a lot of sensitive user data is passed around with it. This has the unfortunate side effect of having the
password_hash showing up in my logs when a process crashes that receives the User schema as an argument.
I’m curious how any of you handle this without overriding
Repo.get/3 in your
MyApp.Repo module or using a custom query.
I work around this by having multiple schemas. Some of the tables I work with have a large number of columns and they are used for different purposes.
For me schema is just one representation of the data. You can have multiple schemas to the same table depending on use case.
So in your case perhaps you want a
Login.user schema containing the
password_hash and then a
Normal.user schema which does not.
Another way is of course to remove the data from your API. So instead of doing:
Repo.get(User, username) directly from the code you have an API.
User.get(username) which returns User data where
password_hash is removed.
I like the separate schema idea!
Another option would be item 2 from: