Libraries have historically made great efforts to ensure the confidentiality of patron personally identifiable information (PII), but the rapid, widespread adoption of information technology and the internet have given rise to new privacy and security challenges. Hypertext Transport Protocol Secure (HTTPS) is a form of Hypertext Transport Protocol (HTTP) that enables secure communication over the public internet and provides a deterministic way to guarantee data confidentiality so that attackers cannot eavesdrop on communications. HTTPS has been used to protect sensitive information exchanges, but security exploits such as passive and active attacks have exposed the need to implement HTTPS in a more rigorous and pervasive manner. This report is intended to shed light on the state of HTTPS implementation in libraries, and to suggest ways in which libraries can evaluate and improve application security so that they can better protect the confidentiality of PII about library patrons.

中文翻译：

---

公共图书馆中的应用程序级安全性：一个案例研究

历来，图书馆一直在努力确保顾客个人身份信息（PII）的机密性，但是信息技术和互联网的迅速，广泛采用已经带来了新的隐私和安全挑战。超文本传输​​协议安全（HTTPS）是超文本传输​​协议（HTTP）的一种形式，它支持通过公共Internet进行安全通信，并提供确定性的方式来保证数据的机密性，从而使攻击者无法窃听通信。HTTPS已被用来保护敏感的信息交换，但是诸如被动和主动攻击之类的安全漏洞暴露了以更严格和普遍的方式实现HTTPS的需求。该报告旨在阐明库中HTTPS实施的状态，