sql reporting services how-to: mask a parameter

Question

I have a requirement to allow my users to pull up a report for their customers using the customer\'s credit card number as a parameter. For security we want to mask the field, a

Answer 1

As far as I know there is no masked input for parameters in SSRS 2008. I'm not sure if custom code is the way to go. You haven't wold us about how you're delivering the reports, but a custom app or website with a ReportViewer may be your best bet for a solution. In addition to the ReportViewer control, you can place your own (masked input) controls for the user to input the parameter and send the value in code behind.

An important note though, think very carefully about how you deal with Credit Card numbers. Ask questions like this one (top comment: "If you have to ask this question, you probably shouldn't be storing credit card numbers. Outsource this if at all possible ") on our sister site security.stackexchange.com if you're unsure. In any case, know that SSRS isn't particularly secure by default: for one thing it stores the parameters sent plainly in the ReportServer databases.