I would have to agree with HTH. Unless the actual SSN is required.. why serve it? There are a variety of strategies for how to deal with sensitive data, but (IMHO) masking at the client is among the last I would consider. If there is masking to be done it should be done before it is sent to the client to simply avoid the issue. Sometimes avoidance is valuable tool. Send what is "required" (slippery slope if there ever was one) and no more.
As for 3270, SSL/TLS should take care of encrypting the conversation. Rob Schramm ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
