February 16, 2017 at 6:26 pm
Sergiy - Thursday, February 16, 2017 5:46 PMDon't Americant protect the wrong thing?
Heh... hell no. That's a part of the problem in the U.S.. If the SSN were used alone, there would be no problem. The problem comes when it's combined with all the PII (also usually not encrypted) necessary to replace you identity-wise. For a lot of companies, you only need to cough up the last 4 digits to "prove" it's you on the phone.
--Jeff Moden
Change is inevitable... Change for the better is not.
February 17, 2017 at 7:07 am
Sue_H - Thursday, February 16, 2017 4:45 PMpatrickmcginnis59 10839 - Thursday, February 16, 2017 11:52 AMI'm curious that if SSN's ideally never make it onto computers, then why are they considered such sensitive pieces of data in the first place?If anyone at all can read the data, it ends up on computers. There are plenty of breaches reported with scenarios similar to someone querying the data, save it to a spreadsheet on their laptop, leave work - with that laptop and somewhere along the way, the laptop is stolen.
Sue
Sure but nobody is defending carrying around a laptop with unsecured data. I've been carrying around a laptop for ages and I don't remember ever having an ssn on it.
Are we accusing the OP of carrying around a laptop with ssns on it? If so, can you point out the text that indicates this? Was it an XML tag?
February 17, 2017 at 7:23 am
Jeff Moden - Thursday, February 16, 2017 4:17 PMpatrickmcginnis59 10839 - Thursday, February 16, 2017 11:52 AMI'm curious that if SSN's ideally never make it onto computers, then why are they considered such sensitive pieces of data in the first place?The trouble is that they DO make it onto computers.... a LOT of computers. The health-care industry is insane with them as are many other industries. I did some consulting work for a medium size company that specialized in automotive loans. They used SSN in clear text as the bloody primary key for the customers.
So are you telling me that you are jumping the OP for practices that are in fact routine in IT?
The straight up fact of the matter is that SSNs ARE routinely materialized into plaintext. I have a guess why the SSA doesn't require they be encrypted, because once you encrypt them, you can't use them to match data up. I'm going to hazard another guess that its required that SSNs and other personal data be SECURED, and that covers lots more ground than just encrypting them at rest because data at rest on a powered down server is probably the safest place for it. Its the powered up servers we worry about because that's where the big breakins occur.
February 17, 2017 at 9:48 am
Lynn Pettis - Wednesday, February 15, 2017 10:22 AMChris,Thanks for this, I'll have to see how I can do this on another project I am currently not working on but need to get back to soon. Using openxml has proven to work well, but your comments about resources make me question the performance and scalability of the solution.
It's been 8 or 9 years since I've worked with the preparedocument openxml so I don't have good numbers to give you to quantify how much it can improve performance to use the .Nodes method of the XML datatype instead. I remembered though that for the particular system I was working on at the time that was doing a lot of XML shredding it did improve things.
February 17, 2017 at 9:58 am
Chris Harshman - Friday, February 17, 2017 9:48 AMLynn Pettis - Wednesday, February 15, 2017 10:22 AMChris,Thanks for this, I'll have to see how I can do this on another project I am currently not working on but need to get back to soon. Using openxml has proven to work well, but your comments about resources make me question the performance and scalability of the solution.
It's been 8 or 9 years since I've worked with the preparedocument openxml so I don't have good numbers to give you to quantify how much it can improve performance to use the .Nodes method of the XML datatype instead. I remembered though that for the particular system I was working on at the time that was doing a lot of XML shredding it did improve things.
I found the OPENXML easy to figure out and get working for a single xml report. The fun part is going to make it dynamic to handle many different reports being imported from xml files.
Now I have a different method to check out. One of the reasons I am working this is due to performance issues. The current process only handles 1 report at a time from the xml file and there could be multiple reports in the file. At least all reports in a single file are the same report type so the schema is the same.
February 17, 2017 at 11:13 am
patrickmcginnis59 10839 - Friday, February 17, 2017 7:07 AMSue_H - Thursday, February 16, 2017 4:45 PMpatrickmcginnis59 10839 - Thursday, February 16, 2017 11:52 AMI'm curious that if SSN's ideally never make it onto computers, then why are they considered such sensitive pieces of data in the first place?If anyone at all can read the data, it ends up on computers. There are plenty of breaches reported with scenarios similar to someone querying the data, save it to a spreadsheet on their laptop, leave work - with that laptop and somewhere along the way, the laptop is stolen.
Sue
Sure but nobody is defending carrying around a laptop with unsecured data. I've been carrying around a laptop for ages and I don't remember ever having an ssn on it.
Are we accusing the OP of carrying around a laptop with ssns on it? If so, can you point out the text that indicates this? Was it an XML tag?
Can you point out the text where I said anything at all about the OP?
Explaining a common scenario related to data breaches is fairly innocuous.
Your reply with the sarcastic "was it in an XML tag" says enough.
February 17, 2017 at 11:51 am
Sue_H - Friday, February 17, 2017 11:13 AMpatrickmcginnis59 10839 - Friday, February 17, 2017 7:07 AMSue_H - Thursday, February 16, 2017 4:45 PMpatrickmcginnis59 10839 - Thursday, February 16, 2017 11:52 AMI'm curious that if SSN's ideally never make it onto computers, then why are they considered such sensitive pieces of data in the first place?If anyone at all can read the data, it ends up on computers. There are plenty of breaches reported with scenarios similar to someone querying the data, save it to a spreadsheet on their laptop, leave work - with that laptop and somewhere along the way, the laptop is stolen.
Sue
Sure but nobody is defending carrying around a laptop with unsecured data. I've been carrying around a laptop for ages and I don't remember ever having an ssn on it.
Are we accusing the OP of carrying around a laptop with ssns on it? If so, can you point out the text that indicates this? Was it an XML tag?
Can you point out the text where I said anything at all about the OP?
Explaining a common scenario related to data breaches is fairly innocuous.
Your reply with the sarcastic "was it in an XML tag" says enough.
Hey, I'm actually a bit disappointed that my first attempt at sarcasm made it under the threads radar! Such is life I guess 🙂
February 17, 2017 at 1:31 pm
Jeff Moden - Thursday, February 16, 2017 6:26 PMSergiy - Thursday, February 16, 2017 5:46 PMDon't Americant protect the wrong thing?Heh... hell no. That's a part of the problem in the U.S.. If the SSN were used alone, there would be no problem. The problem comes when it's combined with all the PII (also usually not encrypted) necessary to replace you identity-wise. For a lot of companies, you only need to cough up the last 4 digits to "prove" it's you on the phone.
Using ID as a password - what a brilliant idea!
I had many personal ID's in different countrties, but none of them was ever used as a proof of identity, only as a "shortcut" to my record.
I guess that practice is what Americans need to change, instead of doing dances with tamburines around SSN.
_____________
Code for TallyGenerator
February 17, 2017 at 4:41 pm
patrickmcginnis59 10839 - Friday, February 17, 2017 7:23 AMSo are you telling me that you are jumping the OP for practices that are in fact routine in IT?
Wow... you warped the hell out of that one, Patrick. If you look back at my original post, I was trying to warn the OP... not jump the OP. And the fact that it IS a common practice doesn't make a wrong practice right. It's because people never do anything about it. My favorite challenge to people is that if you think it's alright, then enter all your information into the database including the SSN.
--Jeff Moden
Change is inevitable... Change for the better is not.
February 17, 2017 at 4:51 pm
Sergiy - Friday, February 17, 2017 1:31 PMJeff Moden - Thursday, February 16, 2017 6:26 PMSergiy - Thursday, February 16, 2017 5:46 PMDon't Americant protect the wrong thing?Heh... hell no. That's a part of the problem in the U.S.. If the SSN were used alone, there would be no problem. The problem comes when it's combined with all the PII (also usually not encrypted) necessary to replace you identity-wise. For a lot of companies, you only need to cough up the last 4 digits to "prove" it's you on the phone.
Using ID as a password - what a brilliant idea!
I had many personal ID's in different countrties, but none of them was ever used as a proof of identity, only as a "shortcut" to my record.
I guess that practice is what Americans need to change, instead of doing dances with tamburines around SSN.
Yeah... totally "brilliant". They also have us use 4 digit PINs to "protect" our checking account and 3 digit numbers that are printed on the back of our credit cards. :Whistling:
--Jeff Moden
Change is inevitable... Change for the better is not.
February 20, 2017 at 6:41 am
Jeff Moden - Friday, February 17, 2017 4:41 PMpatrickmcginnis59 10839 - Friday, February 17, 2017 7:23 AMSo are you telling me that you are jumping the OP for practices that are in fact routine in IT?
Wow... you warped the hell out of that one, Patrick. If you look back at my original post, I was trying to warn the OP... not jump the OP. And the fact that it IS a common practice doesn't make a wrong practice right. It's because people never do anything about it. My favorite challenge to people is that if you think it's alright, then enter all your information into the database including the SSN.
I simply found that the tone of your post wasn't a very good match at all for the post you were replying to. Obviously its not like I've never made that mistake 🙂
my SSN, birthdate, address, etc. are in multiple databases.
Viewing 11 posts - 16 through 25 (of 25 total)
You must be logged in to reply to this topic. Login to reply