Question

Photo of Michael Manning

0

FAMILY SECURITY PROBLEM

We do not require creating a login to perform an event registration. Our event registration also allows the registrant to register other people even if they are non-family members. The "is this a family member" is defaulted to "yes" and is usually never touched by the registrant which means anyone they register for an event become part of their family. We've tried the "Ask" selection as well but's it's usually left as "yes" which again means the person is automatically put in the registrants family.

Those people then show as "Pending" and I mark them as "Active" and I have no knowledge if the family they are in is correct or not.

And this brings me to my big security concern that I found by testing can happen.

For example Judy Simpson registered her daughter Andrea Simpson and a neighbor Dani Kiner for an event and didn't pay much attention to the family status and now both Andrea Simpson and Dani Kiner are listed as part of Judy Simpson's family. They show as Pending and I change them to Active.

One week later, Dani Kiner decides to register for a web user id.

As a Rock admin I see Dani Kiner as a new "Pending" and it matches to an "Active" record which is the one previously entered by Judy Simpson. The natural course of action is to merge the new Pending to the Current Active. Since Dani Kiner is a part of Judy Simpson's family, right or wrong, she nows has a web login and with the login clicks on Account information and can see any and all family members in the Simpson family as well as Giving information etc...

I personally believe this is big security problem but given the circumstances, anyone have suggestions.

  • Photo of Jim Michael

    0

    I think the flaw here is that you're merging the new pending record and choosing to keep the existing record. Part of merging is doing "due dillegence" detective work to make sure you're merging (keeping) the right family. Here, our data integrity person would definitely recognize that Dani Kiner is clearly not in the Simpson family and choose her "new" family when merging.

    The only other option, if you can't do that sort of forensic-merging, is to disable the family question altogether, which will then create a lot of dupes as people enter family members (especially kids, which are hard to match because they typically don't have email addresses.)

  • Photo of Michael Manning

    0

    Jim, I couldn't agree with you more about the flaw... unfortunately we are a church of about 10,000 and I do not have the luxury of immediately recognizing whether someone belongs in a family or not. I catch a few that I do know however we have so many extended and blended family's that simply matching the last name is not feasible either.

    I appreciate the insight. I have gone in and changed the family association question to "ask" and that is helping some.

  • Photo of Jim Michael

    0

    We are a church of that size, too, but we have a dedicated "data integrity" person on staff that is good at figuring things out. That said, it's pretty easy to look at a person-to-be merged and see that they were registered by someone with a different last name... and often you have an age, so it wouldn't make sense for an adult with a different last name to be in the same home as the registrar.

    However, it could be that we define "in the same family" different than you do... in fact we changed the registration block to ask "in the same HOUSEHOLD?", because around here, someone who is not residing in the same household would not be added/merged to the same family. Changing that verbiage helps, I think, to drive the point home to the registrar that we're asking if this person *lives with you*, NOT if they are "family".