Prevent Ecto schema field from being returned by Repo.get/3

Is anyone familiar with an out-of-the-box method for preventing a field defined in schema/2 from being returned in queries? I use Repo.get/3 a lot and pass around the result for processing. The problem is that when I use it for my User schema, a lot of sensitive user data is passed around with it. This has the unfortunate side effect of having the password_hash showing up in my logs when a process crashes that receives the User schema as an argument.

I’m curious how any of you handle this without overriding Repo.get/3 in your MyApp.Repo module or using a custom query.

I work around this by having multiple schemas. Some of the tables I work with have a large number of columns and they are used for different purposes.

For me, a schema is just one representation of the data. You can have multiple schemas for the same table depending on the use case.

So in your case perhaps you want a Login.user schema containing the password_hash and then a Normal.user schema which does not.

Another way is of course to remove the data from your API. So instead of doing Repo.get(User, username) directly from the code, you have an API, User.get(username), which returns User data where password_hash is removed.

8 Likes
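The two ideas in the answer above (a second schema over the same table, and a wrapper function instead of direct Repo calls), sketched as an added example that is not code from the thread. The module names, the `users` columns and the `verify_fun` parameter are assumptions; `redact: true` is an Ecto field option (Ecto 3.5 and later) that the thread does not mention, included because it keeps the value out of `inspect` output.

```elixir
defmodule MyApp.Accounts.User do
  # General-purpose view of the "users" table. Ecto selects only the fields
  # declared in the schema, so password_hash is never loaded into this struct.
  use Ecto.Schema

  schema "users" do
    field :username, :string
    field :email, :string
    timestamps()
  end
end

defmodule MyApp.Accounts.LoginUser do
  # Credential view of the same table, used only inside the login path.
  use Ecto.Schema

  schema "users" do
    field :username, :string
    # redact: true makes inspect/1 print **redacted** instead of the value,
    # so a struct that does end up in a crash report does not expose the hash.
    field :password_hash, :string, redact: true
  end
end

defmodule MyApp.Accounts do
  # Wrapper API: callers never touch Repo or LoginUser directly.
  alias MyApp.Repo
  alias MyApp.Accounts.{LoginUser, User}

  # Returns a %User{} without credential fields, or nil.
  def get_user(id), do: Repo.get(User, id)

  # verify_fun is a hypothetical 2-arity function (password, hash) -> boolean,
  # standing in for whatever password-hashing library the application uses.
  def verify_login(username, password, verify_fun) do
    with %LoginUser{id: id, password_hash: hash} <-
           Repo.get_by(LoginUser, username: username),
         true <- verify_fun.(password, hash) do
      # Hand back the safe struct; the hash never leaves this function.
      {:ok, get_user(id)}
    else
      _ -> {:error, :invalid_credentials}
    end
  end
end
```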

I like the separate schema idea!

1 Like

Another option would be item 2 from:

https://medium.com/heresy-dev/5-tips-for-gdpr-compliancy-protecting-user-data-in-elixir-phoenix-8952de819533

1 Like