About Security/Privacy

Results 1 to 5 of 5

Thread: About Security/Privacy

  1. #1
    Tomer Guest

    Default About Security/Privacy

    I am working on a small application in which one of my tables contains people information. In such a table it is natural to use Social Security Number as the table&#039;s primary key. One of the function of the application is to update and delete records... to do that I need to pass around the SSN. I usually do that by adding the SSN as a querystring variable but... it is the person&#039;s SSN and it should be hidden, right? Using post wouldn&#039;t make much more secure. Any one have ideas? I thought maybe decrypt the SSN and then pass it. Does this solution make sense?<BR><BR>Any idea will be wellcomed<BR><BR>Thank<BR><BR>Tomer Cagan <BR>

  2. #2
    Join Date
    Dec 1969

    Default RE: About Security/Privacy

    I&#039;m not sure that peoples SSN&#039;s should be available in any way on the internet or intranet. No amount of security is 100%. I&#039;d use the record ID number or something else to identify the record to update or delete. Just my 2 cents.

  3. #3
    Jim Rudnick Guest

    Default RE: About Security/Privacy

    I concur on that privacy issue. Earlier this year when working on a major site for PepBoys, the same realization hit us; that with almost 20,000 employees, those SSN&#039;s would be seen should they be used as unique identifiers....so we opted for ID numbers instead. Privacy is as privacy does, and nothing&#039;s better that keeping that kind of data private!<BR><BR>Jim

  4. #4
    the other steve Guest

    Default no ssn as keyfield

    Do not use the ssn as keyfield - that&#039;s asking for trouble. In fact, it&#039;s generally good policy to have an autonumbered field in every table just for future scalability. Unless you have serious storage issues, this is good database design.

  5. #5
    Join Date
    Dec 1969

    Default Not only would it be...

    More appropriate to use something other than the SSN for privacy reasons...It could also be legally less troublesome to use some other identifer. <BR>You&#039;re just asking for a lawsuit every time someone&#039;s SSN is stolen and used illicitly, which *will* happen if you continue with your current design, I promise.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts