# Security defaults (expectations)
**liner does not provide transport encryption, authentication, or authorization between clients.** All application bytes move over **plain TCP** between peers; anyone who can **observe**, **inject**, or **redirect** traffic on that path can read or tamper with messages unless you add your own TLS (e.g. stunnel, sidecar) or run only on a network you fully trust (single host, locked-down VLAN).

The **store** is a separate trust surface:

- **Redis** accepts whatever your URL and **`ACL`/`AUTH`** allow. Any principal that can reach the server and issue commands in the same logical database can **read, write, or delete** `lnr_*` keys and therefore **spoof routing, drop queues, or inject data**. Use a **dedicated Redis instance or DB index**, strong credentials, and network restrictions.
- **SQLite** is a **normal file**: confidentiality and integrity depend on **OS filesystem permissions** and backup policy. Any user or process with **read/write** access to the path can alter or copy broker state.
- **PostgreSQL** (optional **`postgres`** feature) uses **libpq with `NoTls` in the stock build**. Credentials in the URL and **database-level access control** define who can read or change liner tables. Use a **dedicated database**, least-privilege roles, and TLS at the server or proxy if the network is untrusted.

Treat liner as **infrastructure inside a trusted zone**, not as a hardened Internet-facing service out of the box.
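
A preflight check for the store trust surfaces described above, added here as an example and not part of liner. The function name `audit_store_url`, the URL forms (`redis://`, `postgres://`, `sqlite:///path`) and the sample values are assumptions, and the DB-index and role-name checks are heuristics.

```python
import ipaddress
import os
import stat
from urllib.parse import urlsplit

def is_loopback(host):
    """True only for 'localhost' or a loopback IP literal."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host or "").is_loopback
    except ValueError:
        return False

def audit_store_url(url):
    """Return findings for one store URL; an empty list means nothing was flagged."""
    u = urlsplit(url)
    name = u.path.strip("/")  # Redis DB index or PostgreSQL database name
    out = []
    if u.scheme == "redis":
        if not u.password:
            out.append("redis: no AUTH password; any client reaching the port can read, write or delete lnr_* keys")
        if name in ("", "0"):
            out.append("redis: default DB index 0; use a dedicated instance or DB index")
        if u.hostname and not is_loopback(u.hostname):
            out.append("redis: non-loopback host; restrict which networks can reach it")
    elif u.scheme in ("postgres", "postgresql"):
        if u.hostname and not is_loopback(u.hostname):
            out.append("postgres: NoTls in the stock build; session to a non-loopback host is unencrypted")
        if u.username in (None, "", "postgres"):
            out.append("postgres: default superuser role name; use a least-privilege role")
        if name in ("", "postgres"):
            out.append("postgres: default database; use a dedicated database")
    elif u.scheme == "sqlite":
        # Assumed form: sqlite:///absolute/path (three slashes, empty host).
        try:
            mode = os.stat(u.path).st_mode
        except FileNotFoundError:
            out.append("sqlite: file not found; check the directory's permissions before first run")
        else:
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                out.append(f"sqlite: mode {stat.S_IMODE(mode):04o} grants group/other access to broker state")
    else:
        out.append(f"unrecognised store scheme: {u.scheme!r}")
    return out

if __name__ == "__main__":
    # Constructed sample URLs, not taken from liner's documentation.
    for sample in ("redis://10.0.0.5:6379/0", "postgres://liner_rw:s3cret@db.internal/liner"):
        print(sample, audit_store_url(sample), sep="\n  ")
```

The check only inspects the URL and the file mode; it does not verify Redis ACL rules, PostgreSQL grants, or whether a TLS proxy sits in front of the store.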