If I'm going to do it, I want it in a way where it's encrypted per-user, using something not stored in the database like a client side hash of their password or something.
I don't want the possibility a miswritten SELECT potentially revealing anything.
I don't want to be able to read their data, at all.
I don't want the possibility a miswritten SELECT potentially revealing anything.
I don't want to be able to read their data, at all.