



Information Obscurity


Classification Key: Core Security, Information Disclosure

Problem

How do you ensure that the sensitive data gathered and stored by some system is kept confidential and protected from unauthorized access?

Solution

Grade the information held by the system for sensitivity. Obscure the more sensitive items of data using an encryption mechanism in situations where they may be exposed to attack, while leaving the bulk of the application data unencrypted. Protect the encryption artifacts, such as encryption keys, from direct attack.
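
A sketch of the pattern applied to a web-server cache, added here as an illustration and not taken from the pattern's source: fields of a record are graded, only the sensitive ones are encrypted with AES-256-GCM before caching, and the key is supplied from outside the cache. The record layout, the `GRADES` table, the `enc:` prefix and the `CACHE_KEY_HEX` variable are assumptions made for the example.

```javascript
const crypto = require('crypto');

// Constructed sensitivity grading for a hypothetical customer record:
// only fields not graded "public" are encrypted before caching.
const GRADES = { id: 'public', displayName: 'public', email: 'sensitive', cardNumber: 'sensitive' };

// Ungraded fields are treated as sensitive (fail closed).
function isSensitive(field) { return GRADES[field] !== 'public'; }

// Encrypt one field. The record id and field name are bound in as associated
// data, so a ciphertext moved to another field or record fails authentication.
function sealField(key, recordId, field, value) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${recordId}:${field}`));
  const ct = Buffer.concat([cipher.update(String(value), 'utf8'), cipher.final()]);
  return 'enc:' + Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function openField(key, recordId, field, sealed) {
  const raw = Buffer.from(sealed.slice(4), 'base64'); // iv(12) | tag(16) | ciphertext
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(`${recordId}:${field}`));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key, tag, or associated data does not match.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

function toCacheEntry(key, record) {
  const out = {};
  for (const [f, v] of Object.entries(record)) {
    out[f] = isSensitive(f) ? sealField(key, record.id, f, v) : v;
  }
  return out;
}

function fromCacheEntry(key, entry) {
  const out = {};
  for (const [f, v] of Object.entries(entry)) {
    out[f] = isSensitive(f) ? openField(key, entry.id, f, v) : v;
  }
  return out;
}

// The key comes from outside the cache (environment or a secrets manager) and is
// never stored beside the data it protects. The random fallback is for this demo only.
const KEY = process.env.CACHE_KEY_HEX
  ? Buffer.from(process.env.CACHE_KEY_HEX, 'hex') : crypto.randomBytes(32);
const record = { id: 'c-1001', displayName: 'Ada', email: 'ada@example.test', cardNumber: '4111111111111111' };
const cached = toCacheEntry(KEY, record);
console.log(cached); // id and displayName in the clear, email and cardNumber as enc:... blobs
```

Because each ciphertext is authenticated against its record id and field name, a cache entry that has been tampered with or copied between fields is rejected on read instead of being returned as data.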

Known Uses

Encryption of cached sensitive data on the Web server.

Related Patterns

Obfuscated Transfer Object

Source

Wiley Book

Tags

Access Control, Encryption, Encryption Keys


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz