Solved

Show only last 4 digits of Social Security Number (SSN) in a FormView asp:Label

Posted on 2007-12-03
7
7,223 Views
Last Modified: 2010-04-21
I need to mask all but the last 4 digits of a SSN in a FormView asp:Label.
What's the easiest way to hide the first 5 digits?

With a 9 digit SSN I want to only display the last 4.

Either display is fine:
"XXX-XX-6789" or just "6789"

I tried to find a string.format{0} that would work, but could find nothing like that.

Any ideas?

Thank you.
David
<asp:FormView ID="FormView1" runat="server" CellPadding="4" DataKeyNames="keyApplicantID"
            DataSourceID="SqlDataSource2" ForeColor="#333333">
            <FooterStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" />
            <EditRowStyle BackColor="#999999" />
            <EditItemTemplate>
                keyApplicantID:
                <asp:Label ID="keyApplicantIDLabel1" runat="server" Text='<%# Eval("keyApplicantID") %>'>
                </asp:Label><br />
                LastName:
                <asp:TextBox ID="LastNameTextBox" runat="server" Text='<%# Bind("LastName") %>'>
                </asp:TextBox><br />
                FirstName:
                <asp:TextBox ID="FirstNameTextBox" runat="server" Text='<%# Bind("FirstName") %>'>
                </asp:TextBox><br />
                SSN:
                <asp:TextBox ID="SSNTextBox" runat="server" Text='<%# Bind("SSN") %>'> <!-- Here's the SSN I want to mask -->
                </asp:TextBox><br />
                <asp:LinkButton ID="UpdateButton" runat="server" CausesValidation="True" CommandName="Update"
                    Text="Update">
                </asp:LinkButton>
                <asp:LinkButton ID="UpdateCancelButton" runat="server" CausesValidation="False" CommandName="Cancel"
                    Text="Cancel">
                </asp:LinkButton>
            </EditItemTemplate>

Open in new window

0
Comment
Question by:megnin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 1

Expert Comment

by:wizengamot
ID: 20399903
I would use the following procedure that I have written for you to hide the chars.  It will need to be called from somewhere in your codebehind file but, most most of your functions that you mentioned trying are called from there anyways.  I have tried to write a flexible function and as such you may wish to move some of the variables in the function signature to your web.config file or wherever you store Constants.  If in the future you wanted to change the MASK character then, you would only need to change the config file, and not every page that called this function.  

I would appreciate it if you left my signature in the code as well, but I do not require this.
Private Function HideDigits(ByVal str As String, ByVal NumberOfCharsToMask As Integer, ByVal MaskChar As Char) As String
        '*********************************************
        'Written by WizenGamot on Experts Exchange
        'December 3, 2007
        '*********************************************
        'you can control whether or not non-numeric characters are count as part of the numberofcharstomask
        'by moving to just above next.  In its current position only numeric characters are counted.
        'ignoring characters like "-" and so forth that are part of ssn numbers.
        Dim Returnvalue As String = ""
        Dim tmp() As Char = str.ToCharArray
        Dim Counter As Integer = 1
        For Each c As Char In tmp
            If IsNumeric(c) AndAlso Counter <= NumberOfCharsToMask Then
                Returnvalue += MaskChar
                Counter += 1
            Else
                Returnvalue += c
            End If
        Next
        Return Returnvalue
    End Function

Open in new window

0
 
LVL 1

Author Comment

by:megnin
ID: 20400352
WizenGamot,

Thank you.  Since I'm just starting to learn ASP.Net/VB, could you explain exactly how I would use your function?

I'm very new and although your Function looks like a very elegant solution, I have no idea what to do with it.

Thanks a lot, and I will definitely leave your signature block in the code.  I will also add comments based on your further explanation, for my own benefit.

Thanks.
0
 
LVL 69

Accepted Solution

by:
Scott Pletcher earned 500 total points
ID: 20407286
If the data is being read from a table, change the SELECT / stored proc / view to return only the 4 digits you need.  Just masking them on the screen is not secure enough if the intent is to make sure no one can see the full 9-digit ssn.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Closing Comment

by:megnin
ID: 31412473
Yes, thank you.  That will work.
0
 
LVL 1

Expert Comment

by:wizengamot
ID: 20407937
Sorry I did not get back to you sooner Meqnin, the exact usage of the function would be to paste it into your code behind file and call it from there.  However, I agree with Scott Pletcher on this one, the most secure way to perform this function is to either perform the masking (number to X replacement) at the Business Logic Level or right at the data source level and prevent the SSN from being transmitted in its complete form to the client.  In my solution I focused on a generic method of masking and not the security aspects of the data you were working with.  The function could still be used, but based on the security issues raised by Scott, I would only use it in the Data Access Layer of code.  Since you have described yourself as a new learner in ASP.NET / VB.NET I suggest very highly that you buy a really good book on n-tier programming and once you have gone through that book the terms I have used here will become much more clear.  Its too much to explain all the terms here.
0
 
LVL 1

Author Comment

by:megnin
ID: 20412331
wizengamot, thank you for the follow-up.  

I'll use the more secure method and read up on n-tier programming as you suggested since this is the type of application I'll probably be working on for the most part.

Just for general programming technique, could you give me an example of a call to the function.  I'm really at beginner beginner level and learning to write and call a function would be of tremendous help to me.  Books an online tutorials usually are so full of "theory" that they are sometimes a bit hard to follow exactly what to do and a simple example is extremely helpful.

Thanks!  :-)
David
0
 
LVL 1

Author Comment

by:megnin
ID: 20412335
Oh, if you want me to open up a new question for that let me know, I'll be happy to.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question