# Sensitive Data Handling - 20251123-080448

== Password storage columns ==
Note: none of the matches below is a password storage column. Lines 124-125 of 005_schema_separation.up.sql are SQL comments showing a connection-string format, and line 14 of 001_create_users_and_identities.up.sql defines the identity_type enum.
/home/administrator/projects/coppertone.tech/backend/migrations/005_schema_separation.up.sql:124:-- "user=%s password=%s dbname=%s host=%s sslmode=%s search_path=%s",
/home/administrator/projects/coppertone.tech/backend/migrations/005_schema_separation.up.sql:125:-- user, password, name, host, sslMode, schema
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:14:CREATE TYPE identity_type AS ENUM ('email_password', 'blockchain_address', 'did');

== bcrypt/hash usage (password hashing) ==
Note: the payment-service/main.go matches in this section are on the `blockchain_tx_hash` column name, not on password hashing; the password-hashing matches are the ones under auth-service.
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:473: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:482: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:492: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:581: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:640: blockchain_tx_hash = $10, ipfs_document_cid = $11, notes = $12
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:744: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:753: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:778: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:788: p.blockchain_tx_hash, p.blockchain_network, p.payment_processor, p.processor_fee,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:852: transaction_id, blockchain_tx_hash, blockchain_network,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:877: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:77: // Test hashing
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:78: hashed, err := hashPassword(password)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:80: t.Fatalf("hashPassword() error = %v", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:83: if hashed == "" {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:84: t.Error("hashPassword() returned empty string")
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:87: if hashed == password {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:88: t.Error("hashPassword() did not hash the password")
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:92: if !checkPasswordHash(password, hashed) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:97: if checkPasswordHash("wrongPassword", hashed) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:21: "golang.org/x/crypto/bcrypt"
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:29: maxPasswordLength = 72 // bcrypt limit
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:408: passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:410: http.Error(w, "Failed to hash password", http.StatusInternalServerError)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:617: if err := bcrypt.CompareHashAndPassword([]byte(passwordHash), []byte(req.Password)); err != nil {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:714: passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:716: http.Error(w, "Failed to hash password", http.StatusInternalServerError)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1103:func hashPassword(password string) (string, error) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1104: hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1108: return string(hash), nil
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1111:func checkPasswordHash(password, hash string) bool {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1112: return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil

== Encryption columns ==
No encryption found (the search returned no matches; this does not by itself show whether encryption is applied elsewhere)

== PII columns (email, phone, address, ssn) ==
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:5: email VARCHAR(255) UNIQUE, -- Nullable for blockchain-only users
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:10:-- Create index on email for faster lookups
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:11:CREATE INDEX idx_users_email ON users(email) WHERE email IS NOT NULL;
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:14:CREATE TYPE identity_type AS ENUM ('email_password', 'blockchain_address', 'did');
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:21: identifier VARCHAR(500) NOT NULL, -- Email, blockchain address, or DID
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:73: user_email VARCHAR(255), -- Denormalized for when user is deleted
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:77: ip_address INET,
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:198: req.email AS requester_email,
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:201: cli.email AS client_email,