When working in an eco-system containing hundreds of applications, in most cases data is shared among these applications and in big companies we usually have a master data management and a data governance policy plan in place where these data are protected. Applications will use API microservices to gain access to data information.
Security wise, a well designed application is not expected to expose identifier to front-end users and with the advert of modern tools like Inspector, smart users can view your source code and extract the identifiers from the DOM. So what kind of strategy can we put in place to avoid tampering with our identifiers?
Let’s say, i have a micro-service “color” which returns a list of colors in the form of [1: red, 2: blue, 3: yellow] . So, to avoid displaying these identifiers in my front-end application, a creative solution is to display the list using a fake id. Exemple [a: red, b: blue, c: yellow]. By doing so, you will have to implement some kind of data transforming when communicating between the back-end and front-end.
You might consider encrypting the data instead of using an alternate identifier but from an architectural and enterprise point of view when you have hundreds of existing applications. These applications might already be using a list of colors in their front-end and each application have their own way of processing these information. So by having a data transformation, you are migrating towards a more compact and master data management plan.
The interesting thing when you are dealing with data transformation is how can you model your database structure ?
See part 2 for more information…
