5.1 Security Considerations for Implementers

The protocol is vulnerable to information disclosure if an unauthorized client queries for packages available to a user. An unauthorized client can also upload incorrect usage statistics to the SetReport protocol server. To eliminate this attack, the protocol uses the access authentication functionality of the HTTP layer as specified in [RFC2616] section 11.