Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How to Mask a SQL Report Parameter Values

Posted on 2011-05-13
Medium Priority
Last Modified: 2012-05-11
A SQL report is filtered by parameters values that are sensitive, such as bank account number and social security number. After the sensitive values are entered and [View Report] is clicked, the report renders the correct data, and continues to display the parameter values that were entered prior. I don't want someone who may be standing a few feet away to be able to note the sensitive values that appear in the parameter boxes. How can I mask these parameter values?

The idea would be similar to logging into a system and having to enter a username and password. The password would typically be masked by a series of characters, such as * instead of displaying the password in clear text. Is there a way that I can apply a similar mask to a report parameter?

If I review the XML behind the SQL report, I see tags like the following:
    <ReportParameter Name="prmSSN">
      <Prompt>Social Security #:</Prompt>
Are there other attributes, besides the Name attribute (Name="prmSSN") that I can utilize to mask the user input, such as:
    <ReportParameter Name="prmSSN" Mask="*">

Thanks a bunch
Question by:brian_appliedcpu
  • 3
  • 2

Expert Comment

ID: 35755683
Hope you can do better but...

(see answer from MS empolyee)

Expert Comment

ID: 35755723
Here is a suggestion though,

You could have a starting report that accepts the value. When the report is run, use a stored proc, passing the user and the secure field and store it into a table. Let all the other reports reference this table for field values. You could have another "report" that clears the values.

Accepted Solution

brian_appliedcpu earned 2000 total points
ID: 35933741
Thanks for the help. I have decided to use the Visual Studio ReportViewer control.

Author Comment

ID: 36426253
I've requested that this question be closed as follows:

Accepted answer: 0 points for brian_appliedcpu's comment http:/Q_27036807.html#35933741

for the following reason:

it was the only viable solution

Expert Comment

ID: 36426254
Though you may not have liked the answer, I answered the question.

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Kernel Data Recovery is a renowned Data Recovery solution provider which offers wide range of softwares for both enterprise and home users with its cost-effective solutions. Let's have a quick overview of the journey and data recovery tools range he…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question