Sensitive data must be protected from eavesdropping and malicious tampering during transit. An Obfuscated Transfer Object \[[Steel 2005|AA. Java References#Steel 05]\] can be used to encrypt data in exchanges that involve multiple business tiers or end-user systems. Obfuscation is achieved largely by encrypting (sealing) the sensitive object. The pattern can be supplemented with signature capabilities to guarantee object integrity.
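The sealing and signing steps described above, as an added example that is not code from the original page or from the cited references. The `Payment` class, the sample values, the pre-shared AES key, the algorithm choices (AES-GCM, SHA256withRSA) and the sign-then-seal order are assumptions made for illustration.

```java
import java.io.Serializable;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class ObfuscatedTransferDemo {
    // Hypothetical transfer object; the field values used below are constructed sample data.
    static class Payment implements Serializable {
        private static final long serialVersionUID = 1L;
        final String account; final long cents;
        Payment(String account, long cents) { this.account = account; this.cents = cents; }
    }

    // Sender: sign the object, then seal the signed object.
    static SealedObject protect(Serializable data, PrivateKey signKey, SecretKey encKey) throws Exception {
        SignedObject signed = new SignedObject(data, signKey, Signature.getInstance("SHA256withRSA"));
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);            // fresh IV for every message
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, encKey, new GCMParameterSpec(128, iv));
        return new SealedObject(signed, cipher);     // cipher parameters (IV) travel with the SealedObject
    }

    // Receiver: unseal, then verify the signature before deserializing the payload.
    static Object recover(SealedObject sealed, SecretKey encKey, PublicKey verifyKey) throws Exception {
        SignedObject signed = (SignedObject) sealed.getObject(encKey);
        if (!signed.verify(verifyKey, Signature.getInstance("SHA256withRSA"))) {
            throw new SignatureException("transfer object failed signature verification");
        }
        return signed.getObject();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair signer = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey shared = kg.generateKey();         // assumed to be already shared with the receiver

        SealedObject wire = protect(new Payment("ACCT-0001", 125_00), signer.getPrivate(), shared);
        Payment p = (Payment) recover(wire, shared, signer.getPublic());
        System.out.println(p.account + " " + p.cents);

        try {                                        // an unrelated verification key must be rejected
            recover(wire, shared, kpg.generateKeyPair().getPublic());
        } catch (SignatureException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`SignedObject` keeps the payload as serialized bytes, so the receiver does not deserialize the inner object until `verify` has succeeded.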
...
References
\[[API 2006|AA. Java References#API 06]\]
\[[Steel 2005|AA. Java References#Steel 05]\] Chapter 10: Securing the Business Tier, Obfuscated Transfer Object
\[[Gong 2003|AA. Java References#Gong 03]\] 9.10 Sealing Objects
\[[Harold 1999|AA. Java References#Harold 99]\] Chapter 11: Object Serialization, Sealed Objects
\[[Neward 2004|AA. Java References#Neward 04]\] Item 64: Use SignedObject to provide integrity of Serialized objects and Item 65: Use SealedObject to provide confidentiality of Serializable objects
\[[MITRE 2009|AA. Java References#MITRE 09]\] [CWE ID 319|http://cwe.mitre.org/data/definitions/319.html] "Cleartext Transmission of Sensitive Information"
...