11. Privacy and Secrets

Three may keep a secret, if two of them are dead.

–BENJAMIN FRANKLIN

Most programs have something to hide. They need to be discerning about who gets to look at or modify the data they control. The need to maintain confidentiality is often associated with traditional security features such as access control, authentication, and cryptography, but to an increasing degree, it’s being addressed by programmers who don’t realize they’re making security decisions. The sections in this chapter share a common thread: keeping information away from an attacker who is bent on gaining access to it. The chapter covers these topics:

Privacy and regulation—Public attitudes about privacy are changing. Those attitudes are quickly turning ...

Get Secure Programming with Static Analysis now with O’Reilly online learning.
