Aaron J. Knoll

Planner / Programmer / Musician @ New York City

Data Security + National Security = Headaches

Posted on | November 3, 2009 | No Comments

The New York Times recently published an article about a new requirement which will mandate that passengers booking airline tickets must have an exact match between their ID and their boarding pass name.

When web programmers create a form to accept data they have to do the thinking for the computer. For example, we often assume that everyone will have a first name and last name, and possible even a middle name. This is fine when no one is harmed by not having the proper fields for their special name. The 1% whose names may not conform are not sufficiently harmed when they sign up for an epicurious account. Ideal? No. Acceptable, probably.

However, when we come into circumstances where exclusion will be a violation of a person’s basic rights, our jobs as programmers become much more difficult. A name like L. Lawrence Nutson (from the article) or Sainbayar (who alike some Mongolians only has one name) present a problem because they do not conform to the “norm.”

The reason web applications do not accept certain characters such as apostrophes, hyphens or other characters is due to the fact they can be used in code that can compromise the system. Simply put, it’s a matter of customer security. These characters are stripped so that it is impossible for a hacker to hack your form via incorrect data.

So here we have a situation where national security practices run against general best application security practices.

Now clearly, the impetus is on programmers to come up with better ways of accepting name entry, reconfiguring databases to accept all permutations while still maintaining a secure form. Perhaps the days of having two (or even 3) input boxes for your name are going the way of the Quagga an freeform name boxes that accept far more characters, perhaps sacrificing additional database space or that extra nanosecond of processing time that often leads to short name fields, and allowing everyone to order airline tickets no matter what their name looks like.

Category: Programming
Tags: > >

Comments

Leave a Reply





  • About Me

    Aaron Knoll has been a web programmer in a higher education environment for the past eight years. Currently I am pursuing my Masters in Urban Planning at the Pratt Institute in Brooklyn, New York.

  • Subscribe

    Subscribe to RSS Feed

  • RSS Twitter @ aaronknoll

  • Images of the City

    Bed_Stuy Model Block 018.jpgBed_Stuy Model Block 026.jpg
    Bed_Stuy Model Block 001.jpglkjkljlkjk