Currently, there are two known security concerns in Saga pack: *1. multi-tenants support* When pack is deployed in a cluster, access to transaction events should be limited to those have the corresponding permission. Without any restrictions to that will cause chaos in the management of transaction events and user can view all events pass through pack and have a peek of other transactions' flows which will be a serious security problem.
*2. encrypted transportation between alpha and omega* Currently, we use plain gRPC channel to communicate between alpha and omega. However, when it comes to production environment, users may want more secure transportation options. Settings of gRPC transportation should be configurable. We will solve the above security concerns ASAP in the next release. Any solution to the above security concerns is welcome. Besides, are there any other security concerns we miss? Welcome to point them out. Thanks. Best Regards! Eric Lee
