• asdfasdfasdf@lemmy.world
    61·
    23 hours ago

    Just curious, but if SSNs were not recycled after death, would there be any reason not to use them as a primary key?

    • franzfurdinand@lemmy.world
      152·
      23 hours ago

      They’re sequential, so the values above and below yours are valid SSNs of people born in the same hospital around the same time.

      This would make it trivially easy to get access to records you shouldn’t

      • asdfasdfasdf@lemmy.world
        7·
        23 hours ago

        Isn’t that assuming you have access to doing arbitrary SQL queries on the database? Then you’d by definition have access to records you shouldn’t.

        • borari@lemmy.dbzer0.com
          41·
          16 hours ago

          No. You can have control over specific parameters of an SQL query though. Look up insecure direct object reference vulnerabilities.

          Consider a website that uses the following URL to access the customer account page, by retrieving information from the back-end database: https://insecure-website.com/customer_account?customer_number=132355 Here, the customer number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the customer_number value, bypassing access controls to view the records of other customers.

    • tiredofsametab@fedia.io
      51·
      23 hours ago

      As the user posted, one human can have more than one SSN in their lifetime. Many humans will never have an SSN. Some of those humans may have a TIN. Some humans may have at least one TIN and one SSN at some point.