Retrieving a Subset of Fields

[Xiao Yunting]

Hi there,

I set up a collection structure as follows (this is one document in the collection):

{

_id: ddd

value_set: 

[

{

key_t : 1

value_t : aaa

},

{

key_t : 2

value_t : bbb

},

{

key_t : 3

value_t : ccc

},

....

]

}

....

My question is that whether there is a way to get one specific value_t by specifying the _id and value_set.key_t. Such as xxx.find({_id : ddd, value_set.key_t: 2},{value_set.value_t:1}), and then I can get "bbb" as result?

Thanks in advance,

Yunting

[Sergei Tulentsev]

Yes, you can retrieve a subset of fields using the syntax you mentioned. However, you're asking for a bit more. You're asking how to retrieve a value of a field of an element of an array, which is something you can't do at the moment.

--
You received this message because you are subscribed to the Google
Groups "mongodb-user" group.
To post to this group, send email to mongod...@googlegroups.com
To unsubscribe from this group, send email to
mongodb-user...@googlegroups.com
See also the IRC channel -- freenode.net#mongodb

--
Best regards,
Sergei Tulentsev

[Jenna]

In MongoDB version 2.2 (the next stable release), it will be possible
to use the positional operator to return specific embedded documents
in an array:
https://jira.mongodb.org/browse/SERVER-828

Here is an example from MongoDB 2.2 rc-0 (development release):

sample doc:
{_id: 1, array: [ {id : 507, name: "Jenna"}, {id: 506, name :
"Matt" } ] }

query:
db.collection.find({_id:1, "array.id":506},{_id:0, "array.$":1})

result:
{ "array" : [ { "id" : 506, "name" : "Matt" } ] }

Information on the positional operator:
http://www.mongodb.org/display/DOCS/Updating/#Updating-The%24positionaloperator

On Aug 1, 3:35 pm, Sergei Tulentsev <sergei.tulent...@gmail.com>
wrote:

> Yes, you can retrieve a subset of fields using the syntax you mentioned.
> However, you're asking for a bit more. You're asking how to retrieve a
> value of a field of an element of an array, which is something you can't do
> at the moment.
>

> On Wed, Aug 1, 2012 at 10:37 PM, Xiao Yunting <yunting.x...@gmail.com>wrote:
>
>
>
>
>
>
>
>
>
> > Hi there,
>
> > I set up a collection structure as follows (this is one document in the
> > collection):
>
> > {
> > _id: ddd
> >  value_set:
> > [
> > {
> > key_t : 1
> >  value_t : aaa
> > },
>
> > {
> > key_t : 2
> >  value_t : bbb
> > },
> > {
> > key_t : 3
> >  value_t : ccc
> > },
> > ....
>
> > ]
> > }
> > ....
>

> > My question is that whether there is a way to get one specific *value_t*by specifying the
> > *_id* and *value_set.key_t*. Such as *xxx.find({_id : ddd,
> > value_set.key_t: 2},{value_set.value_t:1})*, and then I can get "bbb" as

[Xiao Yunting]

Thanks a lot anyway~

Best,

Yunting

[Russell Bateman]

According to Payment Card Industry (PCI) Requirements and Security Assessment Procedures, I must attempt to encrypt much of the credit- and debit card data I keep on hand for my customers.

Does anyone have experience doing that? I have encryption and could encrypt either the document as just an ugly chunk with an _id or I could do it field by field.

The problem I see is that as soon as I do that, I'm unable to search for any such payment options (cards) by any field I've encrypted or at all if I've encrypted the whole document contents.

Any wisdom and suggestions are heartily welcomed.

Russ

[Jenna]

Hello Russ,
Here is a Stackoverflow response that you may find helpful:
http://stackoverflow.com/questions/8803332/mongodb-database-encryption

It sounds like you've correctly identified the problem associated with
total document encryption. If you would like to use the database to
perform queries on the data, you should only encrypt fields with
sensitive information.

On an unrelated note, for future questions, it'd be great if you could
start a new thread when discussing new topics.

On Aug 1, 8:23 pm, Russell Bateman <r...@windofkeltia.com> wrote:
> According to /Payment Card Industry (PCI) Requirements and Security
> Assessment Procedures/, I must attempt to encrypt much of the credit-

[Russell Bateman]

Jenna,

Thanks for your response.

Ooh, okay. I may be screwing up all my correspondence then. I'm pretty
certain I started a new thread. I blind-copied myself so I'd see what I
wrote and as I inspect what came to me, the blind copy appears identical
to any other except that it doesn't have "[mongodb-user]" in the title.
I wasn't sure I was supposed to put that on or let the list take care of
that. My subject was "Encrypting Mongo document contents", no "Re:
anything" or the "[]" tag and I addressed it to
mongod...@googlegroups.com. What am I missing? What constitutes a new
or old thread anyway? Is there a link to the procedure I should be
paying attention to?

Regrets,

Russ

[Scott Hernandez]

Russell, if you are just doing equality matching on your queries then
you can store encrypted values and encrypt the values to search with,
but this will not work on range queries as Kyle states in the
stack-overflow response.


Here is the source of your email, and you will note that is has fields
linking it into a thread from a previous post:
https://groups.google.com/group/mongodb-user/msg/313d177e6fe7a2bb?dmode=source

You can see the nesting behavior here, and the change of subject lines
as well: https://groups.google.com/group/mongodb-user/browse_thread/thread/93ae668fdb4df732/313d177e6fe7a2bb?lnk=gst#313d177e6fe7a2bb

Please just create a new message/post and don't start from an existing one.

[Russell Bateman]

Ah, okay, I see what I did. I pirated an existing mail by doing a reply
to list, then cleared everything out. I use Thunderbird and not Google
to view these threads, so I had no idea what I was doing wrong. Thanks,
Scott and Jenna. I'll repent of this evil laziness!

:-)

Best regards and thanks again,

Russ

[craiggwilson]

Hi Russell,

  Might I ask if you are a payment provider or gateway? If not, then the best general advice I can give you from experience is to simply NOT store any credit card related information at all and rely on your payment provider/gateway to do that for you (PayPal, authorize.net, etc...).  If you must store some information, then name and last4 with a link to the corresponding identifier in your payment gateway is almost always sufficient and these values do not need to be encrypted.  Just as important in not storing cardholder data (Name, Number, CVV, ExpirationDate) is that it is supposed to be encrypted all the way through the network stack (Level 7 through Level 1).  This obviously involves more than you and rely's on good ops guys.  Hence, offloading all of this to your payment gateway takes you almost completely out of the loop.

Hope that helpers...