Solved

Show only last 4 digits of Social Security Number (SSN) in a FormView asp:Label

Posted on 2007-12-03
Last Modified: 2010-04-21
I need to mask all but the last 4 digits of a SSN in a FormView asp:Label.
What's the easiest way to hide the first 5 digits?

With a 9 digit SSN I want to only display the last 4.

Either display is fine:
"XXX-XX-6789" or just "6789"

I tried to find a string.format{0} that would work, but could find nothing like that.

Any ideas?

Thank you.
David
<asp:FormView ID="FormView1" runat="server" CellPadding="4" DataKeyNames="keyApplicantID"
            DataSourceID="SqlDataSource2" ForeColor="#333333">
            <FooterStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" />
            <EditRowStyle BackColor="#999999" />
            <EditItemTemplate>
                keyApplicantID:
                <asp:Label ID="keyApplicantIDLabel1" runat="server" Text='<%# Eval("keyApplicantID") %>'>
                </asp:Label><br />
                LastName:
                <asp:TextBox ID="LastNameTextBox" runat="server" Text='<%# Bind("LastName") %>'>
                </asp:TextBox><br />
                FirstName:
                <asp:TextBox ID="FirstNameTextBox" runat="server" Text='<%# Bind("FirstName") %>'>
                </asp:TextBox><br />
                SSN:
                <asp:TextBox ID="SSNTextBox" runat="server" Text='<%# Bind("SSN") %>'> <!-- Here's the SSN I want to mask -->
                </asp:TextBox><br />
                <asp:LinkButton ID="UpdateButton" runat="server" CausesValidation="True" CommandName="Update"
                    Text="Update">
                </asp:LinkButton>
                <asp:LinkButton ID="UpdateCancelButton" runat="server" CausesValidation="False" CommandName="Cancel"
                    Text="Cancel">
                </asp:LinkButton>
            </EditItemTemplate>

0
Question by:megnin
7 Comments
 
LVL 1

Expert Comment

by:wizengamot
ID: 20399903
I would use the following procedure that I have written for you to hide the chars.  It will need to be called from somewhere in your codebehind file, but most of your functions that you mentioned trying are called from there anyways.  I have tried to write a flexible function and as such you may wish to move some of the variables in the function signature to your web.config file or wherever you store Constants.  If in the future you wanted to change the MASK character, then you would only need to change the config file, and not every page that called this function.

I would appreciate it if you left my signature in the code as well, but I do not require this.
Private Function HideDigits(ByVal str As String, ByVal NumberOfCharsToMask As Integer, ByVal MaskChar As Char) As String
        '*********************************************
        'Written by WizenGamot on Experts Exchange
        'December 3, 2007
        '*********************************************
        'You can control whether or not non-numeric characters are counted as part of NumberOfCharsToMask
        'by moving "Counter += 1" to just above Next.  In its current position only numeric characters are counted,
        'ignoring characters like "-" and so forth that are part of SSNs.
        Dim Returnvalue As String = ""
        Dim tmp() As Char = str.ToCharArray
        Dim Counter As Integer = 1
        For Each c As Char In tmp
            If IsNumeric(c) AndAlso Counter <= NumberOfCharsToMask Then
                Returnvalue += MaskChar
                Counter += 1
            Else
                Returnvalue += c
            End If
        Next
        Return Returnvalue
    End Function

0
 
LVL 1

Author Comment

by:megnin
ID: 20400352
WizenGamot,

Thank you.  Since I'm just starting to learn ASP.Net/VB, could you explain exactly how I would use your function?

I'm very new and although your Function looks like a very elegant solution, I have no idea what to do with it.

Thanks a lot, and I will definitely leave your signature block in the code.  I will also add comments based on your further explanation, for my own benefit.

Thanks.
0
 
LVL 69

Accepted Solution

by:
Scott Pletcher earned 500 total points
ID: 20407286
If the data is being read from a table, change the SELECT / stored proc / view to return only the 4 digits you need.  Just masking them on the screen is not secure enough if the intent is to make sure no one can see the full 9-digit ssn.
0
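The approach in the accepted answer, shown as an added example that is not part of the original thread: a view that returns only the last four digits, so the full SSN is never sent to the web tier for display. It assumes SQL Server (T-SQL); `dbo.Applicants`, `dbo.vApplicantDisplay` and `WebAppRole` are hypothetical names, while the column names come from the FormView markup in the question.

```sql
-- Added example (T-SQL). dbo.Applicants, dbo.vApplicantDisplay and WebAppRole
-- are hypothetical names; the column names come from the FormView markup.
CREATE TABLE dbo.Applicants (
    keyApplicantID INT IDENTITY(1,1) PRIMARY KEY,
    LastName       NVARCHAR(50) NOT NULL,
    FirstName      NVARCHAR(50) NOT NULL,
    SSN            VARCHAR(11)  NOT NULL  -- may be stored with or without dashes
);

-- Constructed sample rows (area number 000 is never issued, so these are not real SSNs).
INSERT INTO dbo.Applicants (LastName, FirstName, SSN) VALUES ('Doe', 'Jane', '000-12-6789');
INSERT INTO dbo.Applicants (LastName, FirstName, SSN) VALUES ('Roe', 'Richard', '000984321');
GO  -- batch separator for sqlcmd/SSMS; CREATE VIEW must start its own batch

CREATE VIEW dbo.vApplicantDisplay
AS
SELECT keyApplicantID,
       LastName,
       FirstName,
       -- Strip dashes and trailing spaces first so both storage formats
       -- yield the same four digits.
       RIGHT(RTRIM(REPLACE(SSN, '-', '')), 4)             AS SSNLast4,
       'XXX-XX-' + RIGHT(RTRIM(REPLACE(SSN, '-', '')), 4) AS SSNMasked
FROM dbo.Applicants;
GO

-- Least privilege: the web application's role can read the view but not the
-- base table. Because the view and the table share an owner (dbo), ownership
-- chaining lets the view read the table even though the role cannot.
CREATE ROLE WebAppRole;
GRANT SELECT ON dbo.vApplicantDisplay TO WebAppRole;
DENY  SELECT ON dbo.Applicants        TO WebAppRole;
GO

-- What the page's data source would select for display.
SELECT keyApplicantID, LastName, FirstName, SSNMasked
FROM dbo.vApplicantDisplay;
```

With this in place, the read-only display would bind to `SSNMasked` (or `SSNLast4`) from the view instead of `SSN`, assuming the data source's select statement is pointed at the view.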
 
LVL 1

Author Closing Comment

by:megnin
ID: 31412473
Yes, thank you.  That will work.
0
 
LVL 1

Expert Comment

by:wizengamot
ID: 20407937
Sorry I did not get back to you sooner, Megnin. The exact usage of the function would be to paste it into your code behind file and call it from there.  However, I agree with Scott Pletcher on this one, the most secure way to perform this function is to either perform the masking (number to X replacement) at the Business Logic Level or right at the data source level and prevent the SSN from being transmitted in its complete form to the client.  In my solution I focused on a generic method of masking and not the security aspects of the data you were working with.  The function could still be used, but based on the security issues raised by Scott, I would only use it in the Data Access Layer of code.  Since you have described yourself as a new learner in ASP.NET / VB.NET I suggest very highly that you buy a really good book on n-tier programming and once you have gone through that book the terms I have used here will become much more clear.  It's too much to explain all the terms here.
0
 
LVL 1

Author Comment

by:megnin
ID: 20412331
wizengamot, thank you for the follow-up.  

I'll use the more secure method and read up on n-tier programming as you suggested since this is the type of application I'll probably be working on for the most part.

Just for general programming technique, could you give me an example of a call to the function.  I'm really at beginner beginner level and learning to write and call a function would be of tremendous help to me.  Books and online tutorials usually are so full of "theory" that they are sometimes a bit hard to follow exactly what to do and a simple example is extremely helpful.

Thanks!  :-)
David
0
 
LVL 1

Author Comment

by:megnin
ID: 20412335
Oh, if you want me to open up a new question for that let me know, I'll be happy to.
0
