How to break the National Identity Register
I’ve just been at a public meeting of the Oxford branch of NO2ID, where a couple of MPs spoke about why they are opposed to the legislation. Before the event began a bunch of us in the office were having a database related discussion on the National Identity Register (NIR). We came up with ways to break the Register:
- Change your name to add some funny characters like a single quote or question mark,
or best of all:
- Turn your name into a SQL Injection Attack. I’ll let you know when I’ve changed my name to ‘; DROP TABLE REGISTER;
Posted: October 13th, 2005 under databases, id cards.
Comments: 1
Comments
Comment from Alberto Brandolini
Time: 3 November 2006, 18:40
Hmmm, SQL attack sounds interesting.
I was working on the Italian equivalent of the NIR, so I posed nearly the same question to the analysts. I wanted to know if I could name my son/daugther like
2pac
D3bo or C1p8
viol@
junior@brandolini.it
Unfortunately, all of these are forbidden by the law (Obi Uan Kenobi instead is allowed). Which means that my country won’t be a bit less interesting place to live in the future…
Write a comment