mercureact/doc/SecurityNotes.md

8 lines
460 B
Markdown
Raw Normal View History

2024-03-10 02:06:19 +00:00
# Security
This is alpha quality software. Expect, and please report, any bugs encountered.
## Authentication
When using the query thing for authentication, keep in mind that the authentication details may be saved to logs. `mercureactd` itself doese not log more than the path by default, but any downstream proxies may not be as caring. This is part of the reason why the Mercure specification doesn't care much for WebSockets -- they are hard to secure.