
Trusted Proxy

Classification Key: Exterior Security, Tampering


Exposing a component to anonymous access in an untrusted environment can be dangerous. The component can be misused, which affects accountability, availability, integrity and confidentiality. Some vulnerabilities may result in total system compromise. How can the shortcomings of the components' security mechanisms be hidden from malicious users?


Use a trusted proxy as a buffer between inadequately protected components and untrusted users. The trusted proxy intercepts and filters all communication between the users and the components in question. Enforce appropriate security mechanisms at the proxy to compensate for the weaknesses of the protected components.
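A minimal sketch of the pattern, added here as an illustration and not taken from the catalog or its sources. `LegacyInventory`, `TrustedProxy`, `Rejected` and the shared-token scheme are hypothetical names and assumptions; the proxy adds the authentication, operation allow-list, argument filtering, rate limiting and audit trail that the wrapped component lacks.

```python
import hmac, re, time
from collections import defaultdict, deque

class LegacyInventory:
    """Constructed stand-in for an inadequately protected component:
    no authentication, no input checks, and an unsafe admin operation."""
    def __init__(self):
        self.items = {"widget": 5}
    def lookup(self, name):
        return self.items.get(name, 0)
    def purge(self):
        self.items.clear()

class Rejected(Exception):
    """Raised by the proxy when a request is filtered out."""

class TrustedProxy:
    ALLOWED = {"lookup"}                       # only these operations are exposed
    NAME_RE = re.compile(r"[a-z0-9_-]{1,32}")  # argument filter

    def __init__(self, component, tokens, max_calls=3, window=60.0,
                 clock=time.monotonic):
        self._component = component
        self._tokens = tokens                  # user -> shared token (assumed scheme)
        self._max, self._window, self._clock = max_calls, window, clock
        self._calls = defaultdict(deque)       # per-user timestamps of allowed calls
        self.audit = []                        # accountability trail

    def call(self, user, token, op, *args):
        try:
            self._check(user, token, op, args)
        except Rejected as exc:
            self.audit.append((user, op, f"denied: {exc}"))
            raise
        self.audit.append((user, op, "allowed"))
        return getattr(self._component, op)(*args)

    def _check(self, user, token, op, args):
        expected = self._tokens.get(user, "")
        if not (expected and isinstance(token, str)
                and hmac.compare_digest(expected.encode(), token.encode())):
            raise Rejected("authentication failed")
        if op not in self.ALLOWED:
            raise Rejected("operation not exposed")
        if (len(args) != 1 or not isinstance(args[0], str)
                or not self.NAME_RE.fullmatch(args[0])):
            raise Rejected("invalid argument")
        now, recent = self._clock(), self._calls[user]
        while recent and now - recent[0] >= self._window:
            recent.popleft()                   # drop calls outside the window
        if len(recent) >= self._max:
            raise Rejected("rate limit exceeded")
        recent.append(now)
```

The proxy only compensates for the component's weaknesses if the component is unreachable by any other path, so untrusted users must have no direct reference to the `LegacyInventory` instance.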

Known Uses

Entity Beans in EJB provide access with limited functionality.


Kienzle et al. Repository


Proxy, Delegation, Access Control


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz