DEV Community

Cover image for Exploring Invisible Columns in MySQL 8 and Laravel
Muhammad Saim
Muhammad Saim

Posted on

Exploring Invisible Columns in MySQL 8 and Laravel

Invisible columns, a new concept introduced in MySQL 8, offer an additional layer of security and control over sensitive data. When executing a SELECT * query, invisible columns are not retrieved by default. Instead, you must explicitly specify them in the SELECT statement. This ensures that sensitive information such as passwords, tokens, API keys, and payment-related data remains protected.

MySQL 8: Introduction to Invisible Columns

In MySQL 8, invisible columns are columns that are not included in the result set of a SELECT * query unless explicitly specified. This feature enhances data security by preventing the accidental exposure of sensitive information.

To create an invisible column in MySQL 8, you can use the following syntax:

ALTER TABLE table_name
ADD COLUMN column_name datatype INVISIBLE;
Enter fullscreen mode Exit fullscreen mode

For example, to make the password column invisible in the users table:

ALTER TABLE users
ADD COLUMN password VARCHAR(255) INVISIBLE;
Enter fullscreen mode Exit fullscreen mode

Now, when you run a SELECT * query on the users table, the password column will not be retrieved unless explicitly specified in the SELECT statement.

Laravel: Supporting Invisible Columns

Laravel, a popular PHP framework, has introduced support for invisible columns, making it easier to work with sensitive data in your applications.

Here's an example of defining an invisible column in a Laravel migration:

use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

Schema::table('users', function (Blueprint $table) {
    $table->string('password')->invisible();
});
Enter fullscreen mode Exit fullscreen mode

In this example, we're making the password column invisible in the users table.

$user = User::first();
$user->$password // this will return null
Enter fullscreen mode Exit fullscreen mode

To retrieve the value of an invisible column in Laravel, you must explicitly specify it in the SELECT statement. Here's how you can do it:

$user = User::select('password')->first();
$password = $user->password; // returns the password
Enter fullscreen mode Exit fullscreen mode

This ensures that sensitive information is accessed only when explicitly requested, reducing the risk of accidental exposure.

Conclusion

Invisible columns in MySQL 8 and Laravel offer a powerful way to enhance data security and control over sensitive information. By making sensitive columns invisible, you can prevent accidental exposure of sensitive data and ensure that it is accessed only when necessary.

Whether you're working with passwords, tokens, API keys, or payment-related data, leveraging invisible columns can help you build more secure and reliable applications.

Top comments (1)

Collapse
 
ccoveille profile image
Christophe Colombier

Thanks for sharing this MySQL 8 feature, I wasn't aware of.