- Change query_json column from TEXT to JSON, ip/user_agent to CHAR(64) for PII redaction compliance - Update repository, service, and views for hardened schema - Add architecture contract test for security logging redaction - Add search resource provider test coverage - Include DB migration script for existing installs Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
10 lines
341 B
SQL
10 lines
341 B
SQL
-- API audit redaction hardening:
|
|
-- 1) Store full SHA-256 hashes (64 chars) for IP and user-agent fields.
|
|
-- 2) Remove historical API audit rows that may contain plaintext query values or identifiers.
|
|
|
|
ALTER TABLE `api_audit_log`
|
|
MODIFY COLUMN `ip` CHAR(64) NULL,
|
|
MODIFY COLUMN `user_agent` CHAR(64) NULL;
|
|
|
|
DELETE FROM `api_audit_log`;
|