Comment by ic4l
2 months ago
I agree with you. Knowing the exact column names can speed up an attack and, in some cases, make it more feasible.
Why don’t they just request disclosure of what’s actually stored and allow renaming of the columns? It seems odd that knowing the exact column names would be necessary if the goal is simply to understand what data is being stored and its intended purpose.
I wonder if that would be considered a "new report", which they don't have to provide.
They can either have their cake or eat it. If they don't want to obfuscate the column names, they have to provide the data with the original ones.
> Knowing the exact column names can speed up an attack and, in some cases, make it more feasible.
If I'm looking at a database, I like knowing column names, but I like knowing table names more.