diff --git a/routes/auth.py b/routes/auth.py
index 0b5275f..de926a1 100644
--- a/routes/auth.py
+++ b/routes/auth.py
@@ -8,6 +8,12 @@ router = APIRouter()
 def login(auth: Credential, resp: Response):
 	service = AuthService()
 	data = service.read(auth.username)
+	if data == None:
+		resp.status_code = 401
+		return {
+			"ok": 0,
+			"errno": "Unauthorized"
+		}
 
 	hashed = hash(auth.password, data.salt)
 	if data.username != auth.username or data.password != hashed:
diff --git a/service/balance_service.py b/service/balance_service.py
index 9ca9907..8a64be1 100644
--- a/service/balance_service.py
+++ b/service/balance_service.py
@@ -41,7 +41,7 @@ class BalanceService:
 	
 	def query(self):
 		cur = self._conn.cursor()
-		cur.execute("select * from balset;")
+		cur.execute("select id, name, date, price, buy, memo from balset;")
 
 		raw = cur.fetchall()
 		data = []
@@ -63,7 +63,7 @@ class BalanceService:
 	
 	def read(self, id: int):
 		cur = self._conn.cursor()
-		cur.execute("select * from balset where id = %s;", (id))
+		cur.execute("select id, name, date, price, buy, memo from balset where id = %s;", (id))
 
 		data = cur.fetchone()