



Trusted Proxy


Classification Key: Exterior Security, Tampering

Problem

Exposing a component to anonymous access in an untrusted environment can be dangerous. The component can be misused, which affects accountability, availability, integrity and confidentiality. Some vulnerabilities may result in total system compromise. How can the shortcomings of the components' security mechanisms be hidden from malicious users?

Solution

Use a trusted proxy as a buffer between inadequately protected components and untrusted users. The trusted proxy intercepts and filters all communication between the users and the components in question. Enforce appropriate security mechanisms in the proxy to compensate for the weaknesses of the protected components.
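One way to realize the pattern, as an added example that is not part of the catalog entry or its source repository: `LegacyStore`, the token table, the role names and the limits are all hypothetical. The proxy is the only path to the component and compensates for its missing controls along the four properties named in the Problem.

```python
import time
from collections import defaultdict, deque

class LegacyStore:  # hypothetical weak component: no auth, no input checks, no limits
    def __init__(self):
        self.rows = {"alice": {"email": "alice@example.test", "ssn": "000-00-0000"}}  # constructed
    def read(self, key):
        return dict(self.rows[key])
    def write(self, key, value):
        self.rows[key] = value
    def drop_all(self):
        self.rows.clear()

class TrustedProxy:
    # op -> (roles allowed, expected argument count); drop_all is never exposed
    ALLOWED = {"read": ({"user", "admin"}, 1), "write": ({"admin"}, 2)}
    HIDDEN_FIELDS = {"ssn"}  # withheld from non-admin callers

    def __init__(self, component, tokens, max_calls=3, window=60.0, clock=time.monotonic):
        self._component, self._tokens = component, tokens  # tokens: token -> (user, role)
        self._max, self._window, self._clock = max_calls, window, clock
        self._calls = defaultdict(deque)  # user -> timestamps of accepted calls
        self.audit = []  # (user, op, verdict) for every request, allowed or not

    def call(self, token, op, *args):
        user, role = self._tokens.get(token, ("anonymous", None))
        verdict = self._check(user, role, op, args)
        self.audit.append((user, op, verdict))  # accountability
        if verdict != "ok":
            raise PermissionError(verdict)
        result = getattr(self._component, op)(*args)
        if isinstance(result, dict) and role != "admin":  # confidentiality
            result = {k: v for k, v in result.items() if k not in self.HIDDEN_FIELDS}
        return result

    def _check(self, user, role, op, args):
        if role is None:
            return "unauthenticated"
        roles, argc = self.ALLOWED.get(op, ((), 0))
        if role not in roles:
            return "operation not permitted"
        if len(args) != argc or not (isinstance(args[0], str) and args[0].isalnum()):  # integrity
            return "malformed request"
        now, recent = self._clock(), self._calls[user]
        while recent and now - recent[0] > self._window:
            recent.popleft()
        if len(recent) >= self._max:  # availability
            return "rate limit exceeded"
        recent.append(now)
        return "ok"
```

The pattern only holds if the component is unreachable except through the proxy, for example by binding it to a private interface.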

Known Uses

Entity Beans in EJB provide access with limited functionality.

Source

Kienzle et al. Repository

Tags

Proxy, Delegation, Access Control


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz