Currently, there are two known security concerns in Saga pack:

*1. multi-tenant support*
When pack is deployed in a cluster, access to transaction events should be
limited to those who have the corresponding permission. Having no
restrictions on that will cause chaos in the management of transaction
events, and users can view all events that pass through pack and have a peek
at other transactions' flows, which will be a serious security problem.

*2. encrypted transportation between alpha and omega*
Currently, we use a plain gRPC channel to communicate between alpha and
omega. However, when it comes to a production environment, users may want
more secure transportation options. Settings of gRPC transportation should
be configurable.


We will solve the above security concerns ASAP in the next release. Any
solution to the above security concerns is welcome. Besides, are there any
other security concerns we missed? You are welcome to point them out. Thanks.


Best Regards!
Eric Lee
