Comment 3 for bug 1673569
Revision history for this message
| Matt Riedemann (mriedem) wrote Re: Failed notification payload is dumped in logs with auth secrets | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
I'm pretty sure notifications aren't considered a secure channel. If you're sending over rpc you should have ssl configured. But it's not required, and I remember long ago when the IBM product I was working on was using QEMU we were getting internal security audit flags because QEMU was logging credentials that were sent over the wire.