Show only last 4 digits of Social Security Number (SSN) in a FormView asp:Label

Posted on 2007-12-03
Last Modified: 2010-04-21
I need to mask all but the last 4 digits of a SSN in a FormView asp:Label.
What's the easiest way to hide the first 5 digits?

With a 9 digit SSN I want to only display the last 4.

Either display is fine:
"XXX-XX-6789" or just "6789"

I tried to find a string.format{0} that would work, but could find nothing like that.

Any ideas?

Thank you.
David
<asp:FormView ID="FormView1" runat="server" CellPadding="4" DataKeyNames="keyApplicantID"
            DataSourceID="SqlDataSource2" ForeColor="#333333">
            <FooterStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" />
            <EditRowStyle BackColor="#999999" />
            <EditItemTemplate>
                keyApplicantID:
                <asp:Label ID="keyApplicantIDLabel1" runat="server" Text='<%# Eval("keyApplicantID") %>'>
                </asp:Label><br />
                LastName:
                <asp:TextBox ID="LastNameTextBox" runat="server" Text='<%# Bind("LastName") %>'>
                </asp:TextBox><br />
                FirstName:
                <asp:TextBox ID="FirstNameTextBox" runat="server" Text='<%# Bind("FirstName") %>'>
                </asp:TextBox><br />
                SSN:
                <asp:TextBox ID="SSNTextBox" runat="server" Text='<%# Bind("SSN") %>'> <!-- Here's the SSN I want to mask -->
                </asp:TextBox><br />
                <asp:LinkButton ID="UpdateButton" runat="server" CausesValidation="True" CommandName="Update"
                    Text="Update">
                </asp:LinkButton>
                <asp:LinkButton ID="UpdateCancelButton" runat="server" CausesValidation="False" CommandName="Cancel"
                    Text="Cancel">
                </asp:LinkButton>
            </EditItemTemplate>

0
Question by:megnin
7 Comments
 
Expert Comment

by:wizengamot
ID: 20399903
I would use the following procedure that I have written for you to hide the chars.  It will need to be called from somewhere in your codebehind file, but most of your functions that you mentioned trying are called from there anyways.  I have tried to write a flexible function and as such you may wish to move some of the variables in the function signature to your web.config file or wherever you store Constants.  If in the future you wanted to change the MASK character, then you would only need to change the config file, and not every page that called this function.

I would appreciate it if you left my signature in the code as well, but I do not require this.
Private Function HideDigits(ByVal str As String, ByVal NumberOfCharsToMask As Integer, ByVal MaskChar As Char) As String
        '*********************************************
        'Written by WizenGamot on Experts Exchange
        'December 3, 2007
        '*********************************************
        'You can control whether or not non-numeric characters are counted as part of the NumberOfCharsToMask
        'by moving to just above Next.  In its current position only numeric characters are counted,
        'ignoring characters like "-" and so forth that are part of SSN numbers.
        Dim Returnvalue As String = ""
        Dim tmp() As Char = str.ToCharArray
        Dim Counter As Integer = 1
        For Each c As Char In tmp
            If IsNumeric(c) AndAlso Counter <= NumberOfCharsToMask Then
                Returnvalue += MaskChar
                Counter += 1
            Else
                Returnvalue += c
            End If
        Next
        Return Returnvalue
    End Function

0
 
Author Comment

by:megnin
ID: 20400352
WizenGamot,

Thank you.  Since I'm just starting to learn ASP.Net/VB, could you explain exactly how I would use your function?

I'm very new and although your Function looks like a very elegant solution, I have no idea what to do with it.

Thanks a lot, and I will definitely leave your signature block in the code.  I will also add comments based on your further explanation, for my own benefit.

Thanks.
0
 
Accepted Solution

by:Scott Pletcher (earned 2000 total points)
ID: 20407286
If the data is being read from a table, change the SELECT / stored proc / view to return only the 4 digits you need.  Just masking them on the screen is not secure enough if the intent is to make sure no one can see the full 9-digit ssn.
0
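The data-source approach from the accepted solution, as an added example that is not part of the original thread: a view returns only the masked value, and the web application's role can read the view but not the base table. It assumes SQL Server (T-SQL); `dbo.Applicants`, `dbo.vApplicantsMasked`, `WebAppReader` and the sample rows are hypothetical, and only the column names come from the question.

```sql
-- Added example (T-SQL). dbo.Applicants, dbo.vApplicantsMasked and WebAppReader
-- are hypothetical names; only the column names come from the question.
CREATE TABLE dbo.Applicants (
    keyApplicantID INT IDENTITY(1,1) PRIMARY KEY,
    LastName       NVARCHAR(50) NOT NULL,
    FirstName      NVARCHAR(50) NOT NULL,
    SSN            VARCHAR(11)  NULL   -- stored as '123-45-6789' or '123456789'
);
GO

-- Constructed sample rows, including a NULL and a malformed value.
INSERT INTO dbo.Applicants (LastName, FirstName, SSN) VALUES ('Doe', 'Jane', '123-45-6789');
INSERT INTO dbo.Applicants (LastName, FirstName, SSN) VALUES ('Roe', 'Sam',  '987654321');
INSERT INTO dbo.Applicants (LastName, FirstName, SSN) VALUES ('Poe', 'Lee',  NULL);
INSERT INTO dbo.Applicants (LastName, FirstName, SSN) VALUES ('Moe', 'Al',   '12-3');
GO

-- The view is the only object the page's data source reads from, so the
-- first five digits never leave the database.
CREATE VIEW dbo.vApplicantsMasked
AS
SELECT a.keyApplicantID,
       a.LastName,
       a.FirstName,
       CASE WHEN LEN(d.Digits) = 9 AND d.Digits NOT LIKE '%[^0-9]%'
            THEN 'XXX-XX-' + RIGHT(d.Digits, 4)
            ELSE NULL   -- NULL or malformed input: return nothing, not a partial value
       END AS SSNMasked
FROM dbo.Applicants AS a
CROSS APPLY (SELECT REPLACE(a.SSN, '-', '') AS Digits) AS d;
GO

-- Role for the web application's database user. The view and the table share
-- an owner (dbo), so ownership chaining lets the view read the table even
-- though the role itself is denied direct SELECT on it.
CREATE ROLE WebAppReader;
GRANT SELECT ON dbo.vApplicantsMasked TO WebAppReader;
DENY  SELECT ON dbo.Applicants        TO WebAppReader;
GO

-- Query to use as the SqlDataSource SelectCommand.
SELECT keyApplicantID, LastName, FirstName, SSNMasked
FROM dbo.vApplicantsMasked;
```

On the page, the SSN control would then display `Eval("SSNMasked")` in place of `Bind("SSN")`, since a two-way `Bind` in the edit template requires the full value to be sent to the browser.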
Author Closing Comment

by:megnin
ID: 31412473
Yes, thank you.  That will work.
0
 
Expert Comment

by:wizengamot
ID: 20407937
Sorry I did not get back to you sooner, Megnin. The exact usage of the function would be to paste it into your code behind file and call it from there.  However, I agree with Scott Pletcher on this one: the most secure way to perform this function is to either perform the masking (number to X replacement) at the Business Logic Level or right at the data source level and prevent the SSN from being transmitted in its complete form to the client.  In my solution I focused on a generic method of masking and not the security aspects of the data you were working with.  The function could still be used, but based on the security issues raised by Scott, I would only use it in the Data Access Layer of code.  Since you have described yourself as a new learner in ASP.NET / VB.NET, I suggest very highly that you buy a really good book on n-tier programming, and once you have gone through that book the terms I have used here will become much more clear.  It's too much to explain all the terms here.
0
 
Author Comment

by:megnin
ID: 20412331
wizengamot, thank you for the follow-up.  

I'll use the more secure method and read up on n-tier programming as you suggested since this is the type of application I'll probably be working on for the most part.

Just for general programming technique, could you give me an example of a call to the function?  I'm really at beginner beginner level and learning to write and call a function would be of tremendous help to me.  Books and online tutorials usually are so full of "theory" that they are sometimes a bit hard to follow exactly what to do and a simple example is extremely helpful.

Thanks!  :-)
David
0
 
Author Comment

by:megnin
ID: 20412335
Oh, if you want me to open up a new question for that let me know, I'll be happy to.
0
