Information Obscurity

Classification Key: Core Security, Information Disclosure


How do you ensure that the sensitive data gathered and stored by a system is kept confidential and protected from unauthorized access?


Grade the information held by the system for sensitivity. Obscure the more sensitive items of data using an encryption mechanism in situations where they may be exposed to attack, while leaving the bulk of the application data unencrypted. Protect the encryption artifacts, such as encryption keys, from direct attack.
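
The following Go example is added here and is not part of the original pattern description. It applies the solution to a cached record: only the fields graded as sensitive are encrypted with AES-GCM, and the rest stay in the clear. The field names, the `sensitive` grading, the function names and the all-zero demo key are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

var sensitive = map[string]bool{"card_number": true, "ssn": true} // constructed grading

// NewAEAD builds AES-GCM (AES-256 for a 32-byte key); the key is assumed to come from a separate key store.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Obscure encrypts only graded fields, binding the field name as associated data.
func Obscure(a cipher.AEAD, rec map[string]string) (map[string]string, error) {
	out := make(map[string]string, len(rec))
	for k, v := range rec {
		if out[k] = v; sensitive[k] { // copy in the clear, then overwrite graded fields
			nonce := make([]byte, a.NonceSize())
			if _, err := rand.Read(nonce); err != nil {
				return nil, err
			}
			out[k] = base64.StdEncoding.EncodeToString(a.Seal(nonce, nonce, []byte(v), []byte(k)))
		}
	}
	return out, nil
}

// Reveal decrypts one field; tampering, a wrong key or a moved value returns an error.
func Reveal(a cipher.AEAD, field, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil || len(raw) < a.NonceSize() {
		return "", fmt.Errorf("malformed ciphertext for %q", field)
	}
	pt, err := a.Open(nil, raw[:a.NonceSize()], raw[a.NonceSize():], []byte(field))
	return string(pt), err
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero key, demo only
	fmt.Println(Obscure(a, map[string]string{"name": "A. User", "ssn": "000-00-0000"}))
}
```

Because the field name is authenticated along with the ciphertext, a value copied from one field of the cache into another fails to decrypt instead of being silently accepted.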

Known Uses

Encryption of cached sensitive data on the Web server.

Related Patterns

Obfuscated Transfer Object


Access Control, Encryption, Encryption Keys


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz