Obfuscated Transfer Object
: Core Security, Information Disclosure
Large sets of data are often passed between multiple components as a single object. The problem with this approach is that, as the object crosses component boundaries, its data is unnecessarily exposed to components that might not be authorized to access it. It is very difficult to modify all the components to handle the data differently.
How can large data sets be transferred between components without the components getting access to unauthorized data?
Obfuscate the data in the object that needs to be protected. The producers and consumers of the data agree upon the sensitive data elements that need to be protected, and those elements are protected from any intermediary components. Use a masked list for storage of important data, and request data from the masked list only at the target end. Alternatively, encrypt critical data using a key agreed upon between the source and the target component.
Data obfuscation using a masked list.
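The masked-list variant described above, as an added sketch that is not part of the original catalog entry. It assumes the masked list is a store that swaps each agreed sensitive field for a random token and releases the value only to a caller holding a credential shared out of band by producer and target; `MaskedList`, `obfuscate`, `audit_logger`, `consume` and the field names are hypothetical.

```python
import hmac
import secrets

# Assumption: the fields producer and consumer agreed to protect.
SENSITIVE = {"ssn", "card_number"}


class MaskedList:
    """Store for protected values; only a holder of the credential can read it."""

    def __init__(self):
        self._values = {}
        self._credential = secrets.token_bytes(32)

    def credential(self):
        # Handed to the target component out of band, never to intermediaries.
        return self._credential

    def mask(self, value):
        token = "masked:" + secrets.token_hex(16)  # random, derived from no data
        self._values[token] = value
        return token

    def reveal(self, token, credential):
        if not hmac.compare_digest(credential, self._credential):
            raise PermissionError("caller is not the agreed target")
        return self._values.pop(token)  # single use: a replayed token raises KeyError


def obfuscate(record, masked_list):
    """Producer side: replace the agreed sensitive fields with tokens."""
    return {k: masked_list.mask(v) if k in SENSITIVE else v for k, v in record.items()}


def audit_logger(transfer_object):
    """Intermediary: handles the whole object but sees only tokens for masked fields."""
    return ", ".join(f"{k}={v}" for k, v in sorted(transfer_object.items()))


def consume(transfer_object, masked_list, credential):
    """Target side: request the real values from the masked list."""
    return {k: masked_list.reveal(v, credential) if k in SENSITIVE else v
            for k, v in transfer_object.items()}


# Constructed sample record, not real data.
RECORD = {"name": "A. Customer", "ssn": "000-00-0000", "card_number": "4111111111111111"}
```

Because the tokens are random rather than derived from the values, an intermediary that logs or caches the transfer object retains nothing it can reverse offline.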
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz