5.1 Security Considerations for Implementers
Implementers need to ensure that authorization checks exist on the COMA catalog stores.
Since COMA passes sensitive data (including passwords) on the wire, all COMA messages use an encrypted transport, as specified in section 2.1.
The Changeable and Deleteable properties specified for the conglomerations table (section 3.1.1.3.6) and partitions table (section 3.1.1.3.7) are not usable as security measures.
Table properties marked with fPROPERTY_NOTPERSISTABLE need to be treated as secrets and stored in an encrypted store.