: Core Security, Information Disclosure
How do you ensure that the sensitive data gathered and stored by some system is kept confidential and protected from unauthorized access?
Grade the information held by the system for sensitivity. Obscure the more sensitive items of data using an encryption mechanism in situations where it may be exposed to attack while leaving the bulk of the application data unencrypted. Protect the encryption artifacts, such as encryption keys, from direct attack.
Encryption of cached sensitive data on the Web server.
Obfuscated Transfer Object
Access Control, Encryption, Encryption Keys
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz