Comment: intro wordsmithing

Sensitive data must be protected from eavesdropping. All data that crosses a trust boundary must be protected from malicious tampering. An obfuscated transfer object [Steel 2005] that is strongly encrypted can protect data. This approach is known as sealing the object. To guarantee object integrity, apply a digital signature to the sealed object.

Sealing and signing objects is the preferred mechanism to secure data when

  • Transporting sensitive data or serializing any data.
  • A secure communication channel such as Secure Sockets Layer (SSL) is absent or is too costly for limited transactions.
  • Sensitive data must persist over an extended period of time (for example, on a hard drive).

Avoid using home-brewed cryptographic algorithms; such algorithms will almost certainly introduce unnecessary vulnerabilities. Applications that apply home-brewed "cryptography" in the readObject() and writeObject() methods are prime examples of anti-patterns. However, using existing cryptography libraries inside readObject() and writeObject() is perfectly warranted.
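As an added example (not code from the CERT page), the following uses the standard library classes that implement the two mechanisms described above: java.security.SignedObject for the digital signature and javax.crypto.SealedObject for encryption. The payload class, the key generation and the choice of SHA256withRSA and AES/GCM are assumptions made for the example; the object is signed first and then sealed, so the signature covers the plaintext and is itself protected by the encryption, and the receiver must see the signature verify before it trusts the contents.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.*;
import javax.crypto.*;

public final class SignThenSeal {
    // Constructed payload standing in for any serializable sensitive object.
    static final class Payload implements Serializable {
        private static final long serialVersionUID = 1L;
        final String accountNumber;
        Payload(String accountNumber) { this.accountNumber = accountNumber; }
    }

    // Sign the plaintext object, then seal (encrypt) the signed object.
    static SealedObject signThenSeal(Serializable obj, PrivateKey signKey, SecretKey sealKey)
            throws GeneralSecurityException, IOException {
        SignedObject signed = new SignedObject(obj, signKey, Signature.getInstance("SHA256withRSA"));
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, sealKey); // the provider picks a fresh random IV
        return new SealedObject(signed, cipher);    // SealedObject stores the IV with the ciphertext
    }

    // Unseal (decrypt), then verify the signature before handing the object back.
    static Serializable unsealAndVerify(SealedObject sealed, SecretKey sealKey, PublicKey verifyKey)
            throws GeneralSecurityException, IOException, ClassNotFoundException {
        SignedObject signed = (SignedObject) sealed.getObject(sealKey);
        if (!signed.verify(verifyKey, Signature.getInstance("SHA256withRSA"))) {
            throw new SignatureException("object signature does not verify; contents untrusted");
        }
        return (Serializable) signed.getObject();
    }

    public static void main(String[] args) throws Exception {
        // Keys are generated in-process only for the demonstration; real deployments
        // distribute the verification key and the sealing key out of band.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair kp = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();

        SealedObject wire = signThenSeal(new Payload("4111-0000-0000-1111"), kp.getPrivate(), aes);
        Payload back = (Payload) unsealAndVerify(wire, aes, kp.getPublic());
        System.out.println("recovered payload for account " + back.accountNumber);
    }
}
```

If the sealed bytes are altered in transit, AES/GCM rejects them in getObject(); if the signed object is replaced by one sealed under the same key by a party without the signing key, verify() returns false and the receiver rejects it.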

This rule applies to the intentional serialization of sensitive information. Rule SER03-J, "Do not serialize unencrypted sensitive data," is meant to prevent the unintentional serialization of sensitive information.

...