Sensitive data must be protected from eavesdropping and malicious tampering during transit. An Obfuscated Transfer Object [Steel 2005] can be used to encrypt data in exchanges that involve multiple business tiers or end-user systems. Obfuscation is achieved largely by encrypting (sealing) the sensitive object. The design pattern can be supplemented with signature capabilities to guarantee object integrity.
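The sealing and signing described above can be done with the JDK classes `java.security.SignedObject` and `javax.crypto.SealedObject`. The following is an added example, not code from the original page: the `AccountRecord` class, the choice to sign first and then seal the signed object, the algorithm names, and the keys generated in memory (in place of keys loaded from a key store) are assumptions made for illustration.

```java
import java.io.Serializable;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignedObject;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;

public class SignThenSealExample {
    // Hypothetical transfer object carrying sensitive fields.
    static final class AccountRecord implements Serializable {
        private static final long serialVersionUID = 1L;
        final String holder;
        final String number;
        AccountRecord(String holder, String number) {
            this.holder = holder;
            this.number = number;
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: keys are generated here only so the example is self-contained.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair senderKeys = kpg.generateKeyPair();   // sender's signing key pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey sharedKey = kg.generateKey();       // key shared by sender and receiver

        // Sender: sign the object (integrity), then seal the signed object (confidentiality).
        AccountRecord record = new AccountRecord("constructed-name", "constructed-0001");
        SignedObject signed = new SignedObject(
                record, senderKeys.getPrivate(), Signature.getInstance("SHA256withRSA"));
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, sharedKey);  // provider picks a fresh random IV
        SealedObject sealed = new SealedObject(signed, cipher);
        // 'sealed' is Serializable and is what crosses the tier boundary.

        // Receiver: unseal with the shared key, verify the signature, then use the object.
        SignedObject received = (SignedObject) sealed.getObject(sharedKey);
        if (!received.verify(senderKeys.getPublic(), Signature.getInstance("SHA256withRSA"))) {
            throw new SecurityException("Signature verification failed; object rejected");
        }
        AccountRecord trusted = (AccountRecord) received.getObject();
        System.out.println("Verified record for " + trusted.holder);
    }
}
```

The receiver calls `getObject()` on the `SignedObject` only after `verify()` succeeds, so the payload is not deserialized or used when the signature check fails.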
...
[API 2006]
[Steel 2005] Chapter 10: Securing the Business Tier, Obfuscated Transfer Object
[Gong 2003] 9.10 Sealing Objects
[Harold 1999] Chapter 11: Object Serialization, Sealed Objects
[Neward 2004] Item 64: Use SignedObject to provide integrity of Serialized objects and Item 65: Use SealedObject to provide confidentiality of Serializable objects
[MITRE 2009] [CWE ID 319|http://cwe.mitre.org/data/definitions/319.html] "Cleartext Transmission of Sensitive Information"
...