On 10/10/2014 01:35 PM, Stephen Frost wrote:
> Regarding functions, 'leakproof' functions should be alright to allow,
> though Heikki brings up a good point regarding binary search being
> possible in a plpgsql function (or even directly by a client). Of
> course, that approach also requires that you have a specific item in
> mind.
It doesn't require that you have a specific item in mind. Binary search
is cheap, O(log n). It's easy to write a function to do a binary search
on a single item, passed as argument, and then apply that to all rows:
SELECT binary_search_reveal(cardnumber) FROM redacted_table;
Really, I don't see how this can possible be made to work. You can't
allow ad hoc processing of data, and still avoid revealing it to the user.
- Heikki
