by derefr 2248 days ago
What’s sensitive about a (normalized) database schema?

I can see a schema definition being “secret sauce” (i.e. a competitive advantage), but I can’t see it being literally dangerous for the company to publish (e.g. because it contains customer PII), unless you’re doing something very strange.

...in which case, that makes me want to know about the schema even more! There’s probably some interesting lessons in there, if just “don’t do this; we deeply regret that we did.”

3 comments

I think lots of people would be rather embarrassed to post their company's database structures. And lots of databases have table prefixes that can easily be traced to a company or product.

A lot of companies have blanket policies prohibiting sending any IP to an unvetted vendor.

In quant finance, for example, a DB schema might reveal details of a proprietary strategy that the firm does not want a third party to see.

It can be a security risk. For example, imagine if a popular web framework or ORM is found to have an exploit involving some particular data type, when combined with auto-generated HTML forms. If the companies using the framework are known, and their DB schemas are publicly available, this could be a huge target for attackers.

I'd imagine it can also be a legal concern. For example, a schema may reveal presence of a soft-delete column, which conceptually violates GDPR. If the schema is made public, this could cause unwanted legal attention, even if the column is no longer actively used by any application code.