Social Security: Background Checking: Flaws in Website and Database Design

Recently, I was hired by the company IQNavigator. The hiring process involved a background check done by the company ADP. While ADP was doing my background check, an issue showed up with my Social Security. I would like to use my current personal issue to talk about website and database design.

Continuing with my story, ADP requested from me a letter verifying the validity of my Social Security number. So, I went to the Social Security Administration office at Greeley, CO. The SSA representative told me that they didn’t issue such a letter. The only letters they provided were when a change was made to the Social Security or when requesting a Social Security number. After some seconds on the computer, the SSA representative noticed that while my full name was correctly printed on my Social Security card, my last name was shorter by one letter in the SSA database system. She fixed this issue in the database and gave me a receipt of the transaction.

The SSA transaction receipt was not accepted by ADP; therefore, ADP requested other documentation from me. I am going to skip this part of the story with ADP since it would move us away from the point I wish to make with this posting. Perhaps I will write another posting about it.

Later, I decided to create an account at the SSA website, without success. The last name field in the form does not allow me to type my last name completely. The field cuts my last name by one letter; therefore, I cannot create an account.

When creating fields on a form and/or in a database, the length should include 10 to 20 percent of extra space. This approach is quite common in engineering. For example, the tires of your car display a maximum P.S.I. to which you can inflate them; however, if you inflate a tire to the maximum displayed, it shouldn’t explode in your face. Why? Because a good engineer designs the tire to provide a margin above the maximum P.S.I. in case a user exceeds the maximum by mistake.

Another lesson is in the SQL query in the software used by ADP for the Social Security number verification. I am assuming that they are using my first name, last name, my birthday, and my Social Security number to make a match. The fact that my last name is missing a letter could create problems. If their software doesn’t use the same field length limit as the SSA, then their query would search for “CARLSTEIN RAMOS MEJIA” instead of “CARLSTEIN RAMOS MEJI”.

If the company that built the software used by ADP had proper communication with the SSA, they could have known the size of each field and prevented this issue from happening.
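The mismatch described above can be reproduced in a few lines. This is an added example, not code from ADP, the SSA or the original post: the 20-character field limit, the table layout, the placeholder number and all function names are assumptions made for illustration. It shows a silently truncating write next to a strict one, and a verifier that flags a likely truncation for review instead of reporting a plain mismatch.

```python
import sqlite3

FIELD_LIMIT = 20            # assumed column width; the page does not give the real one
SSN = "000-00-0000"         # constructed placeholder, not a real number
FULL_NAME = "CARLSTEIN RAMOS MEJIA"   # 21 characters, the name quoted in the post

def store_truncating(db, ssn, name):
    """Weak design: silently cut the value to the column width."""
    db.execute("INSERT INTO person VALUES (?, ?)", (ssn, name[:FIELD_LIMIT]))

def store_strict(db, ssn, name):
    """Hardened design: refuse a value that does not fit instead of altering it."""
    if len(name) > FIELD_LIMIT:
        raise ValueError(f"name is longer than {FIELD_LIMIT} characters")
    db.execute("INSERT INTO person VALUES (?, ?)", (ssn, name))

def naive_match(db, ssn, name):
    """Exact comparison, as a verifier unaware of the field limit would do."""
    sql = "SELECT COUNT(*) FROM person WHERE ssn = ? AND name = ?"
    return db.execute(sql, (ssn, name)).fetchone()[0] == 1

def verify(db, ssn, name):
    """Return 'match', 'possible_truncation' or 'mismatch'."""
    row = db.execute("SELECT name FROM person WHERE ssn = ?", (ssn,)).fetchone()
    if row is None:
        return "mismatch"
    stored = row[0]
    if stored == name:
        return "match"
    # A stored value that fills the column and is a prefix of the submitted
    # name was probably cut on write: route to manual review, not rejection.
    if len(stored) == FIELD_LIMIT and name.startswith(stored):
        return "possible_truncation"
    return "mismatch"

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE person (ssn TEXT PRIMARY KEY, name TEXT)")
    store_truncating(db, SSN, FULL_NAME)
    try:
        store_strict(db, "000-00-0001", FULL_NAME)
        rejected = False
    except ValueError:
        rejected = True
    return naive_match(db, SSN, FULL_NAME), verify(db, SSN, FULL_NAME), rejected

if __name__ == "__main__":
    print(demo())
```

The strict write surfaces the problem at data entry, where the person can still correct it, instead of leaving a record that no downstream system can match exactly.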

I hope this doesn’t get in the way of my employment and any future transactions which require my Social Security number.


MSSQL Basic Cheat Sheet

Description
    Example

Version
    SELECT @@version;

List of Users
    SELECT name FROM master..syslogins;

Current User
    SELECT user; -- Returns user such as "dbo"
    SELECT user_name(); -- Returns user such as "dbo"
    SELECT system_user; -- Returns [DOMAIN]\[USERNAME]
    SELECT loginame FROM master..sysprocesses WHERE spid = @@SPID;

Privileges
    -- Server role membership of the current login
    SELECT is_srvrolemember('sysadmin');
    SELECT is_srvrolemember('securityadmin');
    SELECT is_srvrolemember('serveradmin');
    SELECT is_srvrolemember('setupadmin');
    SELECT is_srvrolemember('diskadmin');
    SELECT is_srvrolemember('bulkadmin');
    SELECT is_srvrolemember('dbcreator');
    -- Logins by server role or login flag
    SELECT name FROM master..syslogins WHERE sysadmin = 1;
    SELECT name FROM master..syslogins WHERE securityadmin = 1;
    SELECT name FROM master..syslogins WHERE serveradmin = 1; -- May return empty
    SELECT name FROM master..syslogins WHERE setupadmin = 1; -- May return empty
    SELECT name FROM master..syslogins WHERE diskadmin = 1; -- May return empty
    SELECT name FROM master..syslogins WHERE bulkadmin = 1;
    SELECT name FROM master..syslogins WHERE dbcreator = 1;
    SELECT name FROM master..syslogins WHERE hasaccess = 1;
    SELECT name FROM master..syslogins WHERE denylogin = 0;
    SELECT name FROM master..syslogins WHERE isntname = 0;
    SELECT name FROM master..syslogins WHERE isntgroup = 0;

List All Databases
    SELECT name FROM master..sysdatabases;

Database by Id
    SELECT DB_NAME(ID); -- Where ID is 0, 1, 2, …, N

Current Database
    SELECT DB_NAME();

List Columns
    SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'TABLE_NAME'); -- Where TABLE_NAME is the table name on the current database

List Tables
    SELECT name FROM DATABASE_NAME..sysobjects WHERE xtype = 'U'; -- Where DATABASE_NAME is the database whose tables you wish to list

List Views
    SELECT name FROM DATABASE_NAME..sysobjects WHERE xtype = 'V'; -- Where DATABASE_NAME is the database whose views you wish to list

Hostname
    SELECT HOST_NAME();

Information and Location of DB file
    EXEC sp_helpdb DATABASE_NAME; -- Where DATABASE_NAME is the name of the database