On Tuesday 22 February 2005 12:30 pm, Heather Johnson wrote: > One of the tables contains personally identifiable information > (PII) (e.g., email, first and last name, etc.). The other contains > "click stream" data (information about where on our website users > have gone). In order to be sensitive to users privacy, we don't > want to ever (even accidentally) run queries that would combine PII > and click stream data. So we're looking for ways to put "walls" up > against combining the data. We understand that anyone with ample > access to the database can deliberately combine the data if they > chose to do so in blatent violation of our policies. But we want to > set something up that would put an obstacle or two in the path of > anyone who might accidentally run such a query. How about separate databases? If there is absolutely no need to "relate" the data in two tables, I can't see much reason other, perhaps, than convenience of user/group management to have them both in the same database. This _will_ prevent joins as long as you don't install the contrib/dblink module. Of course anyone with access to both pieces of data can still export the data and reimport it to whatever database system they want in order to combine the data. ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to majordomo@xxxxxxxxxxxxxx so that your message can get through to the mailing list cleanly