Back to Security Pattern Catalog

Obfuscated Transfer Object

Classification Key : Core Security, Information Disclosure


Large sets of data are often passed between multiple components as an object. The problem with this approach is that as data is passed across components, it is unnecessarily exposed to components that might not have access to it. It is very difficult to modify all the components to handle the data differently. How can large data sets be transferred between components without the components getting access to unauthorized data?


Obfuscate the data in the object that needs to be protected. The producers and consumers of data agree upon the sensitive data elements that need to be protected. Protect the data from any intermediary components. Use a masked list for storage of important data. Request data from the masked list only at the target end. Alternatively encrypt critical data using an agreed upon key between the source and the target component.

Known Uses

Data obfuscation using a masked list.

Related Patterns

Information Obscurity


Sun Book




Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz