
Be careful with sensitive info like SSNs in JavaScript (tips)

Should identification numbers – things like phone numbers and social-security numbers – be treated like numbers or like strings? Why or why not?

At first glance, implementing SSNs as simple strings would be easier, both for validation and to avoid confusion with other numeric operations nearby in the code or with other numeric user input. But there is a downside I can think of: it seems inherently less secure to store and call sensitive user data as ‘strings’. I don’t believe they should be treated fully like the ‘raw’ numbers we do math on, for example, but I’m not sure storing them or calling them as strings would be the best method out there. Of course it all depends on context, but assuming this is all done with client-side JavaScript, it seems insecure. Ultimately, though, I believe that if the choice is raw integer vs. string, string would still be the most relevant.
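The string-versus-number trade-off above, as an added example that is not the author's code: it shows what numeric coercion does to an SSN with a leading zero, then validates and masks the value as a string. All function names are hypothetical and the SSN values are constructed samples.

```javascript
// Added example: SSN handling as a string. Sample values are constructed.

// What happens if the value is treated as a Number: the dashes must be
// stripped first, and the leading zero is silently lost on the way back.
function asNumberRoundTrip(ssn) {
  return String(Number(ssn.replace(/-/g, "")));
}

// Normalize user input to exactly nine digits, or return null when the
// shape is wrong. Accepts "AAA-GG-SSSS", "AAA GG SSSS" or "AAAGGSSSS".
function normalizeSsn(input) {
  if (typeof input !== "string") return null;
  const m = /^\s*(\d{3})[- ]?(\d{2})[- ]?(\d{4})\s*$/.exec(input);
  return m ? m[1] + m[2] + m[3] : null;
}

// Structural checks from the SSA issuance rules: the area is never 000,
// 666 or 900-999, the group is never 00 and the serial is never 0000.
// String comparison keeps the leading zeros that these rules depend on.
function isPlausibleSsn(input) {
  const digits = normalizeSsn(input);
  if (digits === null) return false;
  const area = digits.slice(0, 3);
  const group = digits.slice(3, 5);
  const serial = digits.slice(5);
  if (area === "000" || area === "666" || area[0] === "9") return false;
  return group !== "00" && serial !== "0000";
}

// Display form: expose only the last four digits, so the full value is
// not written into the DOM, logs or error messages.
function maskSsn(input) {
  const digits = normalizeSsn(input);
  return digits === null ? null : "***-**-" + digits.slice(5);
}

console.log(asNumberRoundTrip("012-34-5678")); // eight digits, not nine
console.log(isPlausibleSsn("012-34-5678"), maskSsn("012-34-5678"));
```

A check like this in the browser is only a convenience for the user; the same validation has to run again on the server, which is also where the full value should be stored.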

My security opinion on this pertains to client-side JavaScript handling things as sensitive as SSNs. The ultimate problem, as I see it, is that the source is always accessible from the browser, so a determined or skilled individual could quite possibly reverse engineer any string-encryption functions. Storing the data as simple strings seems pretty predictable. Stay tuned, as I’ll post a custom solution for this in a future blog article!

“Avoid weak hash algorithms in storing sensitive data by making it harder to inverse the hash. The clear text password in the memory should be reset after computing the hash.” –

About the Author
Cameron Cashwell Web Developer
I build websites, web apps, and software. Wanna work together? Let's chat about your project!
