Securing/encrypting sensitive data with clear display in DataGrid

Discussion in 'ASP .Net Web Controls' started by Marc S. Gibian, Nov 24, 2004.

  1. I have an application that contains some sensitive data. I am
    displaying the table containing this data via a DataGrid, using an
    ADO.NET DataSet for the database access. I need to make sure the
    sensitive data is not stored in the database in clear-text, yet I need
    to provide clear-text display to authorized users. I had thought
    setting up an ItemBound event handler would do the trick, but while it
    does solve the problem, performing the decrypting the data in the
    handler and thus between fetch from disk and display to the user, it
    did this at the cost of removing the field from the set of text boxes
    made available when the DataGrid's EditItemIndex is set. Since I need
    to allow the user to treat the field as a normal field, changing it
    with any other non-read-only field in the grid, this is not an
    acceptable solution.

    I am looking for pointers to approaches to solving this problem. I am
    sure this is not a unique issue, since any HIPPA compliant application
    using a DataSet bound to a DataGrid surely would encounter this issue.
    I just haven't hit on a search to find these solutions.
    Marc S. Gibian, Nov 24, 2004
    #1
    1. Advertising

  2. "Marc S. Gibian" <> wrote in message
    news:...
    >I have an application that contains some sensitive data. I am
    > displaying the table containing this data via a DataGrid, using an
    > ADO.NET DataSet for the database access. I need to make sure the
    > sensitive data is not stored in the database in clear-text, yet I need
    > to provide clear-text display to authorized users. I had thought
    > setting up an ItemBound event handler would do the trick, but while it
    > does solve the problem, performing the decrypting the data in the
    > handler and thus between fetch from disk and display to the user, it
    > did this at the cost of removing the field from the set of text boxes
    > made available when the DataGrid's EditItemIndex is set.


    Can you show the code in the ItemDataBound event? Also, can you show the
    declaration of the column containing this text?

    If the column is a TemplateColumn with both ItemTemplate and
    EditItemTemplate templates, then I don't know why it wouldn't be available
    during edit.

    John Saunders
    John Saunders, Nov 24, 2004
    #2
    1. Advertising

  3. Marc S. Gibian

    Marc Gibian Guest

    >> Can you show the code in the ItemDataBound event? Also, can >> you
    show the declaration of the column containing this
    >> text?


    <asp:BoundColumn DataField="MyValue" HeaderText="MyValue">
    <HeaderStyle Wrap="False"></HeaderStyle>
    <ItemStyle Wrap="False"></ItemStyle>
    </asp:BoundColumn>

    private void Grid_ItemBound(object sender,
    System.Web.UI.WebControls.DataGridItemEventArgs e) {

    if (e.Item.ItemIndex >=0) {
    e.Item.Cells[4].Text = e.Item.Cells[4].Text + "###";
    }
    }

    I see the intended text with the ### marker, but when I set an
    EditItemIndex I don't get a textbox for this column.

    >> If the column is a TemplateColumn with both ItemTemplate
    >> and EditItemTemplate templates, then I don't know why it
    >> wouldn't be available during edit.


    I switched to a TemplateColumn and now things do appear to be working,
    though I'm not quite done changing how my code accesses the relevent
    controls.

    I am learning that, when in doubt, switch to TemplateColumn and try
    again?

    Thanks for your help,
    Marc

    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
    Marc Gibian, Nov 25, 2004
    #3
  4. Marc S. Gibian

    David Jessee Guest

    If this is all for HIPPA, you can store the data in the database in a clear
    text format, assuming the database itself has appropriate security around
    it.

    "Marc S. Gibian" <> wrote in message
    news:...
    > I have an application that contains some sensitive data. I am
    > displaying the table containing this data via a DataGrid, using an
    > ADO.NET DataSet for the database access. I need to make sure the
    > sensitive data is not stored in the database in clear-text, yet I need
    > to provide clear-text display to authorized users. I had thought
    > setting up an ItemBound event handler would do the trick, but while it
    > does solve the problem, performing the decrypting the data in the
    > handler and thus between fetch from disk and display to the user, it
    > did this at the cost of removing the field from the set of text boxes
    > made available when the DataGrid's EditItemIndex is set. Since I need
    > to allow the user to treat the field as a normal field, changing it
    > with any other non-read-only field in the grid, this is not an
    > acceptable solution.
    >
    > I am looking for pointers to approaches to solving this problem. I am
    > sure this is not a unique issue, since any HIPPA compliant application
    > using a DataSet bound to a DataGrid surely would encounter this issue.
    > I just haven't hit on a search to find these solutions.
    David Jessee, Nov 26, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rob Meade

    Securing/Encrypting QueryStrings

    Rob Meade, Jan 22, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    359
    Rob Meade
    Jan 22, 2004
  2. Microsoft
    Replies:
    0
    Views:
    339
    Microsoft
    May 19, 2006
  3. David

    Response.Clear() doesn't clear

    David, Jan 31, 2008, in forum: ASP .Net
    Replies:
    2
    Views:
    1,001
    Mark Fitzpatrick
    Jan 31, 2008
  4. Guest

    whole Row in datagrid is sensitive on click

    Guest, Feb 22, 2005, in forum: ASP .Net Datagrid Control
    Replies:
    0
    Views:
    107
    Guest
    Feb 22, 2005
  5. InvalidLastName

    Unrecognized element 'add' after <clear></clear>

    InvalidLastName, Feb 26, 2007, in forum: ASP .Net Web Services
    Replies:
    3
    Views:
    933
    Steven Cheng[MSFT]
    Mar 6, 2007
Loading...

Share This Page