mercureact/doc/SecurityNotes.md
Christopher Vagnetoft b3476881e1 Configuration fixes, makefile tweaks
* The PHAR now gets tagged with version and buildtime
* WebSocket support can now be disabled
2024-03-12 01:13:19 +01:00

Security

This is alpha quality software. Expect, and please report, any bugs encountered.

Authentication

When using the query string for authentication, keep in mind that the authentication details may be saved to logs. mercureactd itself does not log more than the path by default, but any downstream proxies may not be as careful. This is part of the reason why the Mercure specification doesn't care much for WebSockets -- they are hard to secure.
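One way to check and clean a downstream proxy's access log for leaked tokens, as an added example that is not part of mercureactd. It assumes the token travels in a query parameter named `authorization` and that the proxy writes combined-format request lines; the sample log lines, addresses and paths are constructed.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: the token is sent in a query parameter named "authorization".
# Adjust the set to match your deployment.
SENSITIVE_PARAMS = {"authorization"}

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:01:13:19 +0100] "GET /.well-known/mercure'
    '?topic=%2Fbooks%2F1&authorization=eyJhbGciOi.constructed.token HTTP/1.1" 200 0',
    '203.0.113.8 - - [12/Mar/2024:01:13:20 +0100] "GET /.well-known/mercure'
    '?topic=%2Fbooks%2F2 HTTP/1.1" 200 0',
]


def redact_target(target, params=SENSITIVE_PARAMS):
    """Return (target, hit); sensitive query values are replaced with REDACTED."""
    parts = urlsplit(target)
    pairs, hit = [], False
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in params:
            value, hit = "REDACTED", True
        pairs.append((key, value))
    if not hit:
        return target, False  # leave untouched targets byte-for-byte intact
    return urlunsplit(parts._replace(query=urlencode(pairs))), True


def scrub_line(line, params=SENSITIVE_PARAMS):
    """Redact sensitive query parameters in one access-log line."""
    hits = []

    def substitute(match):
        target, hit = redact_target(match.group("target"), params)
        hits.append(hit)
        return f'"{match.group("method")} {target} {match.group("proto")}"'

    return REQUEST_RE.sub(substitute, line), any(hits)


def scrub_log(lines, params=SENSITIVE_PARAMS):
    """Return (clean_lines, leak_count) for an iterable of log lines."""
    results = [scrub_line(line, params) for line in lines]
    return [line for line, _ in results], sum(hit for _, hit in results)
```

A non-zero leak count means tokens have already reached disk; those tokens should be treated as exposed and the proxy's log format changed so it stops recording the query string.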