• Yes, you can prevent the web application from interrogating employee SSNs by implementing role based security and abstracting the application from the employee table(s) by using stored proceure(s). Ideally, you would not grant select permission on any tables and instread only grant exec permission on stored procedures. Hashing or encryption of SSN would be reccomended, if the SSN is returned back to the application from any call.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho