Securing/encrypting sensitive data with clear display in DataGrid

[Marc S. Gibian]

I have an application that contains some sensitive data. I am
displaying the table containing this data via a DataGrid, using an
ADO.NET DataSet for the database access. I need to make sure the
sensitive data is not stored in the database in clear-text, yet I need
to provide clear-text display to authorized users. I had thought
setting up an ItemBound event handler would do the trick, but while it
does solve the problem, performing the decrypting the data in the
handler and thus between fetch from disk and display to the user, it
did this at the cost of removing the field from the set of text boxes
made available when the DataGrid's EditItemIndex is set. Since I need
to allow the user to treat the field as a normal field, changing it
with any other non-read-only field in the grid, this is not an
acceptable solution.

I am looking for pointers to approaches to solving this problem. I am
sure this is not a unique issue, since any HIPPA compliant application
using a DataSet bound to a DataGrid surely would encounter this issue.
I just haven't hit on a search to find these solutions.

 

[John Saunders]

I have an application that contains some sensitive data. I am
displaying the table containing this data via a DataGrid, using an
ADO.NET DataSet for the database access. I need to make sure the
sensitive data is not stored in the database in clear-text, yet I need
to provide clear-text display to authorized users. I had thought
setting up an ItemBound event handler would do the trick, but while it
does solve the problem, performing the decrypting the data in the
handler and thus between fetch from disk and display to the user, it
did this at the cost of removing the field from the set of text boxes
made available when the DataGrid's EditItemIndex is set.

Can you show the code in the ItemDataBound event? Also, can you show the
declaration of the column containing this text?

If the column is a TemplateColumn with both ItemTemplate and
EditItemTemplate templates, then I don't know why it wouldn't be available
during edit.

John Saunders

 

[Marc Gibian]

Can you show the code in the ItemDataBound event? Also, can >> you
show the declaration of the column containing this
<asp:BoundColumn DataField="MyValue" HeaderText="MyValue">
<HeaderStyle Wrap="False"></HeaderStyle>
<ItemStyle Wrap="False"></ItemStyle>
</asp:BoundColumn>

private void Grid_ItemBound(object sender,
System.Web.UI.WebControls.DataGridItemEventArgs e) {

if (e.Item.ItemIndex >=0) {
e.Item.Cells[4].Text = e.Item.Cells[4].Text + "###";
}
}

I see the intended text with the ### marker, but when I set an
EditItemIndex I don't get a textbox for this column.

I switched to a TemplateColumn and now things do appear to be working,
though I'm not quite done changing how my code accesses the relevent
controls.

I am learning that, when in doubt, switch to TemplateColumn and try
again?

Thanks for your help,
Marc

 

[David Jessee]

If this is all for HIPPA, you can store the data in the database in a clear
text format, assuming the database itself has appropriate security around
it.