11. Privacy and Secrets
Three may keep a secret, if two of them are dead.
Most programs have something to hide. They need to be discerning about who gets to look at or modify the data they control. The need to maintain confidentiality is often associated with traditional security features such as access control, authentication, and cryptography, but to an increasing degree, it’s being addressed by programmers who don’t realize they’re making security decisions. The sections in this chapter share a common thread: keeping information away from an attacker who is bent on gaining access to it. The chapter covers these topics:
• Privacy and regulation—Public attitudes about privacy are changing. Those attitudes are quickly turning ...