diff --git a/ChangeLog b/ChangeLog
index e3ac8b9d32..6ea5df5b64 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Mon Mar 16 13:17:05 EDT 2009 Cole Robinson <crobinso@redhat.com>
+
+	* src/libvirt.c: Don't allow readonly connections to dump secure xml.
+
 Mon Mar 16 13:15:11 EDT 2009 Cole Robinson <crobinso@redhat.com>
 
 	* src/qemu_driver.c: Initialize security driver after config parsing
diff --git a/src/libvirt.c b/src/libvirt.c
index bf3453a06d..f29df6bea3 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -2619,6 +2619,12 @@ virDomainGetXMLDesc(virDomainPtr domain, int flags)
 
     conn = domain->conn;
 
+    if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) {
+        virLibConnError(conn, VIR_ERR_OPERATION_DENIED,
+                        _("virDomainGetXMLDesc with secure flag"));
+        goto error;
+    }
+
     if (conn->driver->domainDumpXML) {
         char *ret;
         ret = conn->driver->domainDumpXML (domain, flags);