Papi G

[Idara Viengxay]

Greatauthentic food and atmosphere. Had the chorizzo burrito. Excellent experience. The service was great. They have a great location right off the river and I bet at night the vibe is nice. Would definitely go again.

Insert *chefs kiss* these tacos are 10/10. I've come for $2 taco Tuesday every week for close to 2 months straight. I always get the carne asada, carnitas, and Al pastor tacos. The staff is so friendly too. Cannot recommend enough to try this amazing place out.

First time ever trying papi's and it did not disappoint at all, we went on a busy Saturday and there was one other couple there, the hosts was super helpful and helped us out on finding the best chose. I got the three street tacos and they were the best I've ever had from a restaurant. Well be back.

True, authentic, Mexican food, that is served with excellence! And the best fish tacos this side of San Diego! (actually better than the ones I ate while visiting California!). Did I mention the Gelato? As good as it gets! All of this while choosing to to either dine in surrounded by genuine atmosphere, or enjoy outside dining, with a beautiful view of the reedy river & falls park! I recommend Papi's to everyone!

@chulcher Thank you for a very clear explanation, I have been struggling to get answers on this for some time and most posts end up unanswered or with vague outcomes. With regard to the security vulnerabilities that recommend enabling enhanced papi security with a non-default key, they never mention that CPSec makes this unnecessary. Do you think this is because although valid PAPI messages in a CPSec tunnnel are secure, it doesn't stop rogue messages beign received outside of the tunnel?

Also what the documentation doesn't seem to say is whether the order that we implement this is important - does it need to be done on the controllers first, then the MM or the other way round, or does it even matter, especially as you say, tunnelled messages don't use it.

CPSec doesn't mitigate the issue, CPSec is tangential to the issue. The PAPI port is still open regardless of CPSec configuration, PAPI security is required to be enabled so that PAPI received is validated as legitimate.

Just in case anyone else is concerned about this, I have enabled it as @chulcher described and it worked with no service impact on an HA pair of conductors, a single managed controller and on a cluster of controllers, all managed by the conductors.

3a8082e126