Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Applicant Registration - Design Help

Status
Not open for further replies.
mwa

mwa

Programmer
Jul 12, 2002
507
US
I'm in the process of designing an ASP.net application that would allow Job Applicants to register and submit applications for vacancies via the web. There is one requirement that I'm getting stuck on. In order for an Applicant to apply for vacancies, they must have an "Applicant" record in our corporate HR system. That "Applicant" record is keyed using the person's SSN. So, during registration, I must require the SSN. All is well on the first registration. I capture the SSN and other pertinent demographic info and insert that record into the HR system.

However, if the person forgets their logon (or forgets that they ever registered) and tries to re-register using the same SSN, I run into a problem. I can't make a second entry into the HR system because it would cause a key violation. But I also don't want to tell the user "SSN already exists" and give away any info to a malicious user.

I don't mind a person legitimately having more than one account registrations, but how do I appropriately link multiple login accounts to one SSN without giving away personal information to a malicious user?

Does anyone have any idea of how to best handle this situation?

Thanks,

mwa
<><
 
Sort by date Sort by votes
You should provide a way for the user to get thier username and or password, like you see on any site, "forgot password" like. You need to impliment that first.

If the person trys to register with the same SSN, you will have to tell them that the SSN is alreay in the DB. I don't see how anyone can use this information maliciouly. Also, all of this should be done on an SSL connection.

 
Upvote 0 Downvote
I've got a "Forgot Password" function already. But that assumes the user remembers creating the account and that they remember the email address that they used to register. For most people this would work and is not an issue.

I guess we're being over cautious, but the thought was someone like an ex-wife that knows her ex-husbands SSN could register a secondary account that links to the ex-husbands SSN. Thus giving her access to his infomation... A couple of clicks later, and she changes the ex-husbands info and marks him as a convicted felon. He is now ineligible to be employed by our organization.

Farfetched I know, but it was a concern that was brought up by management.


mwa
<><
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

G12Consult
  • Locked
  • Question
Help with Json
Replies
2
Views
399
gmmastros
gmmastros
peac3
  • Locked
  • Question
Generate console exe apps in web bin folder... help
Replies
1
Views
94
jbenson001
jbenson001
koklimabc
  • Locked
  • Question
space change into dot (or bullet) under designer view
Replies
1
Views
72
koklimabc
koklimabc
primagic
  • Locked
  • Question
Auto login after registration
Replies
1
Views
31
NESWalt
NESWalt
leo57
  • Locked
  • Question
asp.net vb.net need help with hiding the select button in gridview
Replies
2
Views
96
leo57
leo57

Part and Inventory Search

Sponsor

Back
Top