Masking & Scrambling Sensitive Data

When creating web applications, developers occasionally wish to hide, scramble or otherwise obfuscate data that is displayed on the page and/or sent via the URL. The main reason for this is that application developers need to protect the information being sent across the URL from being read by the end-user. An example of this would be in the medical field, where a developer would want to protect Patient Names (or other information) from being displayed in plain view.

Video Walkthrough

To mask characters within a particular field, open m-Painter and find the field you would like to mask. Right click on its cell, and select “Edit Cell HTML.” Replace ${row.FIELD} with ${maskright(row.FIELD,3)}. m-Power also supports masking the left portion of your field with maskleft, instead of maskright.
Be sure to replace row.FIELD with your FIELD name. The second parameter available tells m-Power how many characters you wish to display in clear/readable text.


To obfuscate URL parameters, open m-Painter and find the link you need to change. Find the parameter listed in your link, such as FIELD=${row.FIELD?url}. Modify the parameter, so it reads as: FIELD=${scramble(row.FIELD?url)}. Notice that the row.FIELD has been wrapped by scramble().

Please keep in mind that utilizing this obfuscate/scramble feature does not negate best security practices. mrc still encourages you to set up HTTPS protocol to protect data in-transit, as well as row level security so users can only access records that are pertinent to them.

Related Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *