Solved

Show only last 4 digits of Social Security Number (SSN) in a FormView asp:Label

Posted on 2007-12-03
Last Modified: 2010-04-21
I need to mask all but the last 4 digits of a SSN in a FormView asp:Label.
What's the easiest way to hide the first 5 digits?

With a 9 digit SSN I want to only display the last 4.

Either display is fine:
"XXX-XX-6789" or just "6789"

I tried to find a string.format{0} that would work, but could find nothing like that.

Any ideas?

Thank you.
David
<asp:FormView ID="FormView1" runat="server" CellPadding="4" DataKeyNames="keyApplicantID"
            DataSourceID="SqlDataSource2" ForeColor="#333333">
            <FooterStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" />
            <EditRowStyle BackColor="#999999" />
            <EditItemTemplate>
                keyApplicantID:
                <asp:Label ID="keyApplicantIDLabel1" runat="server" Text='<%# Eval("keyApplicantID") %>'>
                </asp:Label><br />
                LastName:
                <asp:TextBox ID="LastNameTextBox" runat="server" Text='<%# Bind("LastName") %>'>
                </asp:TextBox><br />
                FirstName:
                <asp:TextBox ID="FirstNameTextBox" runat="server" Text='<%# Bind("FirstName") %>'>
                </asp:TextBox><br />
                SSN:
                <asp:TextBox ID="SSNTextBox" runat="server" Text='<%# Bind("SSN") %>'> <!-- Here's the SSN I want to mask -->
                </asp:TextBox><br />
                <asp:LinkButton ID="UpdateButton" runat="server" CausesValidation="True" CommandName="Update"
                    Text="Update">
                </asp:LinkButton>
                <asp:LinkButton ID="UpdateCancelButton" runat="server" CausesValidation="False" CommandName="Cancel"
                    Text="Cancel">
                </asp:LinkButton>
            </EditItemTemplate>

Question by:megnin
LVL 1

Expert Comment

by:wizengamot
ID: 20399903
I would use the following procedure that I have written for you to hide the chars.  It will need to be called from somewhere in your codebehind file, but most of your functions that you mentioned trying are called from there anyways.  I have tried to write a flexible function and as such you may wish to move some of the variables in the function signature to your web.config file or wherever you store Constants.  If in the future you wanted to change the MASK character, then you would only need to change the config file, and not every page that called this function.

I would appreciate it if you left my signature in the code as well, but I do not require this.
    Private Function HideDigits(ByVal str As String, ByVal NumberOfCharsToMask As Integer, ByVal MaskChar As Char) As String
        '*********************************************
        'Written by WizenGamot on Experts Exchange
        'December 3, 2007
        '*********************************************
        'You can control whether or not non-numeric characters are counted as part of NumberOfCharsToMask
        'by moving Counter += 1 to just above Next.  In its current position only numeric characters are counted,
        'ignoring characters like "-" and so forth that are part of SSNs.
        Dim Returnvalue As String = ""
        Dim tmp() As Char = str.ToCharArray
        Dim Counter As Integer = 1
        For Each c As Char In tmp
            'Mask the first NumberOfCharsToMask digits; copy everything else through unchanged.
            If IsNumeric(c) AndAlso Counter <= NumberOfCharsToMask Then
                Returnvalue += MaskChar
                Counter += 1
            Else
                Returnvalue += c
            End If
        Next
        Return Returnvalue
    End Function

LVL 1

Author Comment

by:megnin
ID: 20400352
WizenGamot,

Thank you.  Since I'm just starting to learn ASP.Net/VB, could you explain exactly how I would use your function?

I'm very new and although your Function looks like a very elegant solution, I have no idea what to do with it.

Thanks a lot, and I will definitely leave your signature block in the code.  I will also add comments based on your further explanation, for my own benefit.

Thanks.
LVL 69

Accepted Solution

by:
ScottPletcher earned 500 total points
ID: 20407286
If the data is being read from a table, change the SELECT / stored proc / view to return only the 4 digits you need.  Just masking them on the screen is not secure enough if the intent is to make sure no one can see the full 9-digit ssn.
LVL 1

Author Closing Comment

by:megnin
ID: 31412473
Yes, thank you.  That will work.
LVL 1

Expert Comment

by:wizengamot
ID: 20407937
Sorry I did not get back to you sooner, megnin. The exact usage of the function would be to paste it into your code-behind file and call it from there.  However, I agree with Scott Pletcher on this one: the most secure way to perform this function is to either perform the masking (number to X replacement) at the Business Logic Level or right at the data source level and prevent the SSN from being transmitted in its complete form to the client.  In my solution I focused on a generic method of masking and not the security aspects of the data you were working with.  The function could still be used, but based on the security issues raised by Scott, I would only use it in the Data Access Layer of code.  Since you have described yourself as a new learner in ASP.NET / VB.NET, I suggest very highly that you buy a really good book on n-tier programming, and once you have gone through that book the terms I have used here will become much more clear.  It's too much to explain all the terms here.
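
Masking at the data source, as ScottPletcher's accepted answer and the follow-up above both recommend, shown as an added T-SQL example that is not part of any post in this thread. The table name dbo.Applicants, the view name and web_app_role are assumptions; the column names are the ones bound in the question's FormView, and the rows are constructed.

```sql
-- Assumed base table (name and column types are hypothetical); rows are constructed.
CREATE TABLE dbo.Applicants (
    keyApplicantID INT IDENTITY PRIMARY KEY,
    LastName       VARCHAR(50),
    FirstName      VARCHAR(50),
    SSN            VARCHAR(11) NULL      -- stored as 123456789 or 123-45-6789
);
INSERT INTO dbo.Applicants (LastName, FirstName, SSN) VALUES
    ('Doe', 'Jane', '123-45-6789'),
    ('Roe', 'Sam',  '987654321'),
    ('Poe', 'Alex', '12345'),            -- malformed value
    ('Moe', 'Lee',  NULL);
GO

-- The view is the only object the web application reads. The column keeps the
-- name SSN so Eval("SSN") in the FormView works unchanged.
CREATE VIEW dbo.ApplicantsMasked
AS
SELECT keyApplicantID, LastName, FirstName,
       CASE
           WHEN SSN IS NULL THEN NULL
           WHEN REPLACE(SSN, '-', '') LIKE REPLICATE('[0-9]', 9)
               THEN 'XXX-XX-' + RIGHT(REPLACE(SSN, '-', ''), 4)
           ELSE 'XXX-XX-XXXX'            -- not nine digits: reveal nothing
       END AS SSN
FROM dbo.Applicants;
GO

-- The application's role gets the view only, with no grants on dbo.Applicants.
-- Ownership chaining lets the view read the base table on its behalf.
CREATE ROLE web_app_role;
GRANT SELECT ON dbo.ApplicantsMasked TO web_app_role;
GRANT UPDATE ON dbo.ApplicantsMasked (LastName, FirstName) TO web_app_role;
GO

DECLARE @keyApplicantID INT = 1, @LastName VARCHAR(50) = 'Doe', @FirstName VARCHAR(50) = 'Janet';

-- SelectCommand for the SqlDataSource: only the masked value crosses the wire.
SELECT keyApplicantID, LastName, FirstName, SSN
FROM   dbo.ApplicantsMasked
WHERE  keyApplicantID = @keyApplicantID;

-- UpdateCommand: SSN is left out of the SET list, so the masked string posted back
-- by Bind("SSN") in the EditItemTemplate is never written over the stored number.
UPDATE dbo.ApplicantsMasked
SET    LastName = @LastName, FirstName = @FirstName
WHERE  keyApplicantID = @keyApplicantID;
```

Because SSN is a computed column in the view, an UPDATE that tries to set it through the view is rejected by SQL Server, which backs up the omission in the UpdateCommand.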
LVL 1

Author Comment

by:megnin
ID: 20412331
wizengamot, thank you for the follow-up.  

I'll use the more secure method and read up on n-tier programming as you suggested since this is the type of application I'll probably be working on for the most part.

Just for general programming technique, could you give me an example of a call to the function?  I'm really at beginner beginner level and learning to write and call a function would be of tremendous help to me.  Books and online tutorials usually are so full of "theory" that they are sometimes a bit hard to follow exactly what to do and a simple example is extremely helpful.

Thanks!  :-)
David
LVL 1

Author Comment

by:megnin
ID: 20412335
Oh, if you want me to open up a new question for that let me know, I'll be happy to.