Solved

Show only last 4 digits of Social Security Number (SSN) in a FormView asp:Label

Posted on 2007-12-03
Last Modified: 2010-04-21
I need to mask all but the last 4 digits of a SSN in a FormView asp:Label.
What's the easiest way to hide the first 5 digits?

With a 9 digit SSN I want to only display the last 4.

Either display is fine:
"XXX-XX-6789" or just "6789"

I tried to find a string.format{0} that would work, but could find nothing like that.

Any ideas?

Thank you.
David
<asp:FormView ID="FormView1" runat="server" CellPadding="4" DataKeyNames="keyApplicantID"
            DataSourceID="SqlDataSource2" ForeColor="#333333">
            <FooterStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" />
            <EditRowStyle BackColor="#999999" />
            <EditItemTemplate>
                keyApplicantID:
                <asp:Label ID="keyApplicantIDLabel1" runat="server" Text='<%# Eval("keyApplicantID") %>'>
                </asp:Label><br />
                LastName:
                <asp:TextBox ID="LastNameTextBox" runat="server" Text='<%# Bind("LastName") %>'>
                </asp:TextBox><br />
                FirstName:
                <asp:TextBox ID="FirstNameTextBox" runat="server" Text='<%# Bind("FirstName") %>'>
                </asp:TextBox><br />
                SSN:
                <asp:TextBox ID="SSNTextBox" runat="server" Text='<%# Bind("SSN") %>'> <!-- Here's the SSN I want to mask -->
                </asp:TextBox><br />
                <asp:LinkButton ID="UpdateButton" runat="server" CausesValidation="True" CommandName="Update"
                    Text="Update">
                </asp:LinkButton>
                <asp:LinkButton ID="UpdateCancelButton" runat="server" CausesValidation="False" CommandName="Cancel"
                    Text="Cancel">
                </asp:LinkButton>
            </EditItemTemplate>

Question by:megnin
7 Comments
 
LVL 1

Expert Comment

by:wizengamot
ID: 20399903
I would use the following procedure that I have written for you to hide the chars.  It will need to be called from somewhere in your codebehind file, but most of your functions that you mentioned trying are called from there anyways.  I have tried to write a flexible function and as such you may wish to move some of the variables in the function signature to your web.config file or wherever you store Constants.  If in the future you wanted to change the MASK character, then you would only need to change the config file, and not every page that called this function.

I would appreciate it if you left my signature in the code as well, but I do not require this.
Private Function HideDigits(ByVal str As String, ByVal NumberOfCharsToMask As Integer, ByVal MaskChar As Char) As String
        '*********************************************
        'Written by WizenGamot on Experts Exchange
        'December 3, 2007
        '*********************************************
        'You can control whether or not non-numeric characters are counted as part of NumberOfCharsToMask
        'by moving "Counter += 1" to just above Next.  In its current position only numeric characters are counted,
        'ignoring characters like "-" and so forth that are part of SSNs.
        Dim Returnvalue As String = ""
        Dim tmp() As Char = str.ToCharArray
        Dim Counter As Integer = 1
        For Each c As Char In tmp
            If IsNumeric(c) AndAlso Counter <= NumberOfCharsToMask Then
                Returnvalue += MaskChar
                Counter += 1
            Else
                Returnvalue += c
            End If
        Next
        Return Returnvalue
    End Function

 
LVL 1

Author Comment

by:megnin
ID: 20400352
WizenGamot,

Thank you.  Since I'm just starting to learn ASP.Net/VB, could you explain exactly how I would use your function?

I'm very new and although your Function looks like a very elegant solution, I have no idea what to do with it.

Thanks a lot, and I will definitely leave your signature block in the code.  I will also add comments based on your further explanation, for my own benefit.

Thanks.
 
LVL 70

Accepted Solution

by:
Scott Pletcher earned 2000 total points
ID: 20407286
If the data is being read from a table, change the SELECT / stored proc / view to return only the 4 digits you need.  Just masking them on the screen is not secure enough if the intent is to make sure no one can see the full 9-digit ssn.
 
LVL 1

Author Closing Comment

by:megnin
ID: 31412473
Yes, thank you.  That will work.
 
LVL 1

Expert Comment

by:wizengamot
ID: 20407937
Sorry I did not get back to you sooner, megnin. The exact usage of the function would be to paste it into your code behind file and call it from there.  However, I agree with Scott Pletcher on this one, the most secure way to perform this function is to either perform the masking (number to X replacement) at the Business Logic Level or right at the data source level and prevent the SSN from being transmitted in its complete form to the client.  In my solution I focused on a generic method of masking and not the security aspects of the data you were working with.  The function could still be used, but based on the security issues raised by Scott, I would only use it in the Data Access Layer of code.  Since you have described yourself as a new learner in ASP.NET / VB.NET I suggest very highly that you buy a really good book on n-tier programming and once you have gone through that book the terms I have used here will become much more clear.  It's too much to explain all the terms here.
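The approach recommended in the accepted solution and in the follow-up above, returning only the last four digits from the data source, shown as an added example that is not part of the original thread. It assumes SQL Server (T-SQL) and an SSN stored as text; `dbo.Applicants`, `dbo.vApplicantMasked` and `WebAppUser` are hypothetical names, while the column names come from the FormView in the question.

```sql
-- Added example. dbo.Applicants, dbo.vApplicantMasked and WebAppUser are
-- hypothetical names; the columns are the ones bound in the question's FormView.
-- Assumes SSN is a char/varchar column holding 9 digits, with or without dashes.

CREATE VIEW dbo.vApplicantMasked
AS
SELECT keyApplicantID,
       LastName,
       FirstName,
       -- Only the last four digits ever leave the database.
       'XXX-XX-' + RIGHT(RTRIM(REPLACE(SSN, '-', '')), 4) AS SSNMasked
FROM   dbo.Applicants;
GO

-- The web application's database user reads the view and is denied the
-- raw SSN column on the base table. With the view and table owned by the
-- same owner, ownership chaining lets the view itself still read SSN.
GRANT SELECT ON dbo.vApplicantMasked TO WebAppUser;
DENY  SELECT ON dbo.Applicants (SSN) TO WebAppUser;
GO

-- SelectCommand for the page's data source: the full SSN is never fetched,
-- so it cannot appear in the rendered page or in ViewState.
SELECT keyApplicantID, LastName, FirstName, SSNMasked
FROM   dbo.vApplicantMasked
WHERE  keyApplicantID = @keyApplicantID;

-- UpdateCommand: SSN is left out, so an edit cannot overwrite the stored
-- nine-digit value with the masked string.
UPDATE dbo.Applicants
SET    LastName  = @LastName,
       FirstName = @FirstName
WHERE  keyApplicantID = @keyApplicantID;
```

With this in place the template displays `Eval("SSNMasked")` in a read-only control. The two-way `Bind("SSN")` TextBox from the question has to go, since it would send the masked value back on update.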
 
LVL 1

Author Comment

by:megnin
ID: 20412331
wizengamot, thank you for the follow-up.  

I'll use the more secure method and read up on n-tier programming as you suggested since this is the type of application I'll probably be working on for the most part.

Just for general programming technique, could you give me an example of a call to the function?  I'm really at beginner beginner level and learning to write and call a function would be of tremendous help to me.  Books and online tutorials usually are so full of "theory" that they are sometimes a bit hard to follow exactly what to do and a simple example is extremely helpful.

Thanks!  :-)
David
 
LVL 1

Author Comment

by:megnin
ID: 20412335
Oh, if you want me to open up a new question for that let me know, I'll be happy to.