> The problem there is that the SQL for (2) changes frequently, so we
> want to give people SQL access.
So you want to give people access to your SQL database and worry that they could see specific information (credit card
numbers)in plain and therefore you want to format it, so that people cannot see the real data. Is that correct?
I'd either do that by only letting them access a view or be reconsidering if it is really a good idea to give them SQL
accessto the server as they could do other things which e.g. could slow down the server enormously.
Never trust the user. So I see what you want to achieve but I am not sure if the reason to do that is good. Can you
explainplease?
Maybe you should provide them an interface (e.g. web app) that restricts access to certain functions and cares about
formatting.
Regards
Damian Wolgast (irc:asymetrixs)